Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "matchCriteriaId": "6206303A-CB18-4063-A633-A8AE7BB13885", "versionEndIncluding": "2.94", "versionStartIncluding": "2.81", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:2.89.1:*:*:*:lts:*:*:*", "matchCriteriaId": "F14937F4-6BF9-4BDC-B698-6EA53CC6FB26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default."}, {"lang": "es", "value": "Una condici\u00f3n de carrera durante el inicio de Jenkins 2.81 hasta la versi\u00f3n 2.94 (incluida) y la versi\u00f3n 2.89.1 podr\u00eda desembocar en un orden incorrecto de ejecuci\u00f3n de comandos durante el proceso de inicializaci\u00f3n. En contadas ocasiones, esto podr\u00eda resultar en el error a la hora de inicializar el asistente de instalaci\u00f3n durante el primer inicio. Como resultado, m\u00faltiples opciones de seguridad no se establecieron en sus niveles strict por defecto."}], "id": "CVE-2017-1000503", "lastModified": "2024-11-21T03:04:53.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-24T23:29:00.310", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2017-12-14/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2017-12-14/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat