Jervis

7 CVEs product


CVE-2025-68931 HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
CVE-2025-68925 MEDIUM PATCH This Month

Jervis versions up to 2.2 are affected by improper verification of a cryptographic signature (CVSS 5.3).

Jenkins Jervis
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.0%
CVE-2025-68704 HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random(), which is not cryptographically secure, for timing attack mitigation. [CVSS 7.5 HIGH]

Java Jenkins Jervis
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
CVE-2025-68703 HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
CVE-2025-68702 HIGH PATCH This Week

Jervis versions up to 2.2 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
CVE-2025-68701 HIGH PATCH This Week

Jervis versions up to 2.2 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
CVE-2025-68698 HIGH PATCH This Week

Jervis versions up to 2.2 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
