What is the severity of CVE-2017-1000503?

CVE-2017-1000503 is considered a medium severity vulnerability due to the potential for improper command execution during Jenkins startup.

How do I fix CVE-2017-1000503?

To fix CVE-2017-1000503, upgrade Jenkins to version 2.95 or later, or to version 2.89.2 if using the LTS release.

What versions of Jenkins are affected by CVE-2017-1000503?

CVE-2017-1000503 affects Jenkins versions 2.81 through 2.94 and version 2.89.1.

What is the impact of not addressing CVE-2017-1000503?

Failing to address CVE-2017-1000503 may lead to failure in initializing the setup wizard and potential security-related issues.

When was CVE-2017-1000503 disclosed?

CVE-2017-1000503 was disclosed on December 14, 2017.

Vulnerability/
CVE-2017-1000503

high

8.1

CWE

362

24/1/2018

14/5/2022

16/9/2024

CVE-2017-1000503: Race Condition

First published: Wed Jan 24 2018(Updated: )

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.main:jenkins-core	>=2.90<=2.94	2.95
maven/org.jenkins-ci.main:jenkins-core	>=2.81<=2.89.1	2.89.2
Jenkins LTS	>=2.81<=2.94
Jenkins LTS	=2.89.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1000503?
CVE-2017-1000503 is considered a medium severity vulnerability due to the potential for improper command execution during Jenkins startup.
How do I fix CVE-2017-1000503?
To fix CVE-2017-1000503, upgrade Jenkins to version 2.95 or later, or to version 2.89.2 if using the LTS release.
What versions of Jenkins are affected by CVE-2017-1000503?
CVE-2017-1000503 affects Jenkins versions 2.81 through 2.94 and version 2.89.1.
What is the impact of not addressing CVE-2017-1000503?
Failing to address CVE-2017-1000503 may lead to failure in initializing the setup wizard and potential security-related issues.
When was CVE-2017-1000503 disclosed?
CVE-2017-1000503 was disclosed on December 14, 2017.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-r5x3-2446-hrp7
alias/CVE-2017-1000503
agent/software-canonical-lookup
agent/severity
agent/references
agent/weakness
agent/description
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/maven
vendor/jenkins
canonical/jenkins lts
version/jenkins lts/2.81
version/jenkins lts/2.94
version/jenkins lts/2.89.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.