Description

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

Remediation

References

https://jenkins.io/security/advisory/2017-12-14/

Related Vulnerabilities

CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm

CVE-2023-32993 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

CVE-2018-1275 Vulnerability in maven package org.springframework:spring-messaging

CVE-2023-29207 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-24719 Vulnerability in npm package fluture-node

Severity

Critical

Classification

CWE-362 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory