CVE-2017-1000503
Race Condition in Jenkins
CVSS 3.1: 8.1 (HIGH)
EPSS: 2.7%
Description
A race condition during startup of Jenkins 2.81 through 2.94 (inclusive) and 2.89.1 could result in commands being executed in the wrong order during initialization. In rare cases this could cause the setup wizard to fail to initialize on the first startup, leaving multiple security-related settings not set to their usual strict defaults.
How to fix CVE-2017-1000503
To remediate CVE-2017-1000503, upgrade the affected package to a fixed version below.
- Upgrade to 2.89.2 or later
Is CVE-2017-1000503 being exploited?
Low — EPSS is 2.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 2.81, < 2.89.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |