FreeBSD : jenkins -- Two startup race conditions (7136e6b7-e1b3-11e7-a4d3-000c292ee6b8)

high Nessus Plugin ID 105338

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Jenkins project reports:

A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization.

On Jenkins 2.81 and newer, including LTS 2.89.1, this could in rare cases (we estimate less than 20% of new instances) result in failure to initialize the setup wizard on the first startup.

There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message, but Cross-Site Request Forgery (CSRF) protection may not yet be effective.

Solution

Update the affected packages.

See Also

https://jenkins.io/security/advisory/2017-12-14/

http://www.nessus.org/u?90049793

Plugin Details

Severity: High

ID: 105338

File Name: freebsd_pkg_7136e6b7e1b311e7a4d3000c292ee6b8.nasl

Version: 3.3

Type: local

Published: 12/18/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/15/2017

Vulnerability Publication Date: 12/14/2017