CVE-2017-1000504: Cross-Site Request Forgery (CSRF)
A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the “Please wait while Jenkins is getting ready to work” message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.