Description
A race condition during startup of Jenkins 2.94 and earlier, and 2.89.1 and earlier, could cause commands to execute in the wrong order during initialization. As a result, there is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.
Remediation
References