A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. There’s a very short window of time after startup during which Jenkins may no longer show the "Please wait while Jenkins is getting ready to work" message, but Cross-Site Request Forgery (CSRF) protection may not yet be effective. External references: https://jenkins.io/security/advisory/2017-12-14/
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1526598] Affects: openshift-1 [bug 1526597]