3 matches found
CVE-2026-8274
CVE-2026-8274 affects npitre cramfs-tools up to version 2.1. The vulnerability is in the Directory Handler’s cramfsck.c do_directory function and enables local path traversal. Exploitation requires local access; the vulnerability is disclosed publicly. A fix is available in version 2.2, with patc...
CVE-2025-68931
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
CVE-2025-68704
CVE-2025-68704 concerns the Jervis library used by Jenkins Job DSL plugin scripts and shared pipelines. Prior to version 2.2, Jervis relies on java.util.Random() for timing attack mitigation, which is not cryptographically secure. The vulnerability, fixed in 2.2, can affect timing-related defense...