CVE-2017-1000503
Description
A race condition during startup of Jenkins 2.81 through 2.94 (inclusive) and 2.89.1 could result in the wrong order of execution of commands during initialization. In rare cases this could cause the setup wizard to fail to initialize on the first startup, leaving multiple security-related settings not set to their usual strict defaults.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.745
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affecting Jenkins 2.89.1 | Windows |
| Vulnerabilities CVE-2017-1000503, CVE-2017-1000504 are fixed in Jenkins-Core 2.89.2 | Windows |
| Vulnerabilities CVE-2017-1000503, CVE-2017-1000504 are fixed in Jenkins-Core 2.95 | Windows |
| Multiple vulnerabilities affecting Jenkins 2.89.1 (for Ubuntu) | Linux |
| Multiple vulnerabilities affecting Jenkins 2.89.1 (for Debian) | Linux |
| Multiple vulnerabilities affecting Jenkins 2.89.1 (for CentOS) | Linux |
| Multiple vulnerabilities affecting Jenkins 2.89.1 (for RedHat) | Linux |
| Multiple vulnerabilities affecting Jenkins 2.89.1 (for SUSE) | Linux |
| Vulnerabilities CVE-2017-1000503, CVE-2017-1000504 are fixed in Jenkins-Core for Linux 2.89.2 | Linux |
| Vulnerabilities CVE-2017-1000503, CVE-2017-1000504 are fixed in Jenkins-Core for Linux 2.95 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234