CVE-2025-68701
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.
Analysis
Jervis versions up to 2.2 are affected by the use of a broken or risky cryptographic algorithm (CVSS 7.5).
Technical Context
This vulnerability (CWE-327: Use of a Broken or Risky Cryptographic Algorithm) affects Jervis. Because the AES IV is derived deterministically from the passphrase, every encryption performed under the same passphrase reuses the same IV. This is consistent with the confidentiality-only impact in the CVSS vector (C:H/I:N/A:N).
Affected Products
Vendor: Samrocketman. Product: Jervis. Versions: up to 2.2.
Remediation
A vendor patch is available; apply it immediately. Fixed in version 2.2. Restrict network access to the affected service where possible.
GHSA-crxp-chh4-9ghp