CVE-2017-1000504: Cross-Site Request Forgery (CSRF)

January 24, 2018 (updated May 8, 2019)

A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the “Please wait while Jenkins is getting ready to work” message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.

References

jenkins.io/security/advisory/2017-12-14/
nvd.nist.gov/vuln/detail/CVE-2017-1000504

Code Behaviors & Features

Detect and mitigate CVE-2017-1000504 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →