FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- Two startup race conditions

Affected packages
jenkins < 2.95
jenkins-lts < 2.89.2

Details

VuXML ID: 7136e6b7-e1b3-11e7-a4d3-000c292ee6b8
Discovery: 2017-12-14
Entry: 2017-12-15

The Jenkins project reports:

A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization.

On Jenkins 2.81 and newer, including LTS 2.89.1, this could in rare cases (we estimate less than 20% of new instances) result in failure to initialize the setup wizard on the first startup.

There is a very short window of time after startup during which Jenkins may no longer show the "Please wait while Jenkins is getting ready to work" message, but Cross-Site Request Forgery (CSRF) protection may not yet be effective.

References

URL: https://jenkins.io/security/advisory/2017-12-14/