Lucene search

K
osvGoogleOSV:GHSA-99HJ-PPG3-2XWC
HistoryMay 14, 2022 - 1:04 a.m.

Cross-Site Request Forgery in Jenkins

2022-05-1401:04:36
Google
osv.dev
9

0.001 Low

EPSS

Percentile

44.7%

A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the ‘Please wait while Jenkins is getting ready to work’ message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.

0.001 Low

EPSS

Percentile

44.7%