CVE-2025-68704

CVE-2025-68704 concerns the Jervis library used by Jenkins Job DSL plugin scripts and shared pipelines. Prior to version 2.2, Jervis relies on java.util.Random() for timing attack mitigation, which is not cryptographically secure. The vulnerability, fixed in 2.2, can affect timing-related defense...

Jervis 安全特征问题漏洞

Jervis is an automation tool by Sam Gleske Personal Developer. A security signature issue vulnerability exists in versions prior to Jervis 2.2 that stems from the use of non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...

PT-2026-2497

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator PRNG via the use of RandomStringUtils with the default java.util.Random PRNG. An attacker can recover sensitive information by predicting the server-side encryption key if they can obta...

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator PRNG via the use of RandomStringUtils with the default java.util.Random PRNG. An attacker can recover sensitive information by predicting the server-side encryption key if they can obta...