Skip to main content

Jervis

7 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-68931 Maven HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68925 Maven MEDIUM PATCH This Month

Jervis versions up to 2.2 is affected by improper verification of cryptographic signature (CVSS 5.3).

Jenkins Jervis
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68704 Maven HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH]

Java Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68703 Maven HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68702 Maven HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68701 Maven HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68698 Maven HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68931 Maven
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVE-2025-68925 Maven
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Jervis versions up to 2.2 is affected by improper verification of cryptographic signature (CVSS 5.3).

Jenkins Jervis
NVD GitHub
CVE-2025-68704 Maven
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH]

Java Jenkins Jervis
NVD GitHub
CVE-2025-68703 Maven
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVE-2025-68702 Maven
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVE-2025-68701 Maven
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVE-2025-68698 Maven
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy