CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

RedhatCVE•added 2026/01/14 8:22 p.m.•5 views

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

6.9CVSS7.1AI score0.00023EPSS

Exploits0References1

RedhatCVE•added 2026/01/14 8:22 p.m.•3 views

CVE-2025-68702

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00023EPSS

Exploits0References1

RedhatCVE•added 2026/01/14 7:25 p.m.•5 views

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.9AI score0.00009EPSS

Exploits0References1

NVD•added 2026/01/13 8:16 p.m.•3 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS0.00059EPSS

Exploits0References2

NVD•added 2026/01/13 8:16 p.m.•2 views

CVE-2025-68701

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

8.7CVSS0.00025EPSS

Exploits0References2

NVD•added 2026/01/13 8:16 p.m.•4 views

CVE-2025-68702

8.7CVSS0.00023EPSS

Exploits0References2

NVD•added 2026/01/13 8:16 p.m.•11 views

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

8.7CVSS0.00014EPSS

Exploits0References2

Cvelist•added 2026/01/13 7:21 p.m.•20 views

CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

8.7CVSS0.00025EPSS

Exploits0References2

OSV•added 2026/01/13 7:16 p.m.•5 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

8.7CVSS6.8AI score0.00009EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-2645

Malicious code in bioql PyPI...

9.9CVSS9AI score0.01799EPSS

Exploits0References6

vulnersOsv•added 2022/05/13 1:15 a.m.•0 views

org.jenkins-ci.plugins:seed (>=0.8.0 <=2.1.4) potentially affected by CVE-2019-1003034 via org.jenkins-ci.plugins:job-dsl (>=1.34 <=1.50)

org.jenkins-ci.plugins:job-dsl MAVEN version =1.34, =0.8.0, =2.1.4 Source cves: CVE-2019-1003034 Source advisory: OSV:GHSA-5R74-PGMQ-92MM...

9.9CVSS7.2AI score0.01799EPSS

Exploits0

OSV•added 2022/05/13 1:15 a.m.•1 views

GHSA-5R74-PGMQ-92MM Script security sandbox bypass in Jenkins Job DSL Plugin

A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy,...

9.9CVSS6.2AI score0.01799EPSS

Exploits0References6

Veracode•added 2019/05/16 3:58 a.m.•19 views

Sandbox Protection Bypass

Jenkins Job DSL Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy and job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy and...

9.9CVSS9.6AI score0.01799EPSS

Exploits0References4Affected Software1

RedHat Linux•added 2019/04/10 6:34 p.m.•0 views

jenkins-job-dsl-plugin: Script security sandbox bypass in Job DSL Plugin (SECURITY-1342)

A flaw was found in the Jenkins Job DSL plugin. Parsing, compilation, and script instantiations provided by a crafted Groovy script could escape the sandbox allowing users to execute arbitrary code on the Jenkins master. The highest risk from this vulnerability is to data confidentiality and...

9.9CVSS6.1AI score0.01799EPSS

Exploits0References5

RedhatCVE•added 2019/03/20 1:19 a.m.•24 views

CVE-2019-1003034

9.9CVSS4.8AI score0.01799EPSS

Exploits0References3

OSV•added 2019/03/08 9:29 p.m.•21 views

CVE-2019-1003034

9.9CVSS7.6AI score

Exploits0References3

NVD•added 2019/03/08 9:29 p.m.•16 views

CVE-2019-1003034

9.9CVSS9.8AI score0.01799EPSS

Exploits0References3

CVE•added 2019/03/08 9:0 p.m.•86 views

CVE-2019-1003034

CVE-2019-1003034 is a sandbox bypass in the Jenkins Job DSL Plugin (affected in 1.71 and earlier) that can let attackers with control over Job DSL definitions execute arbitrary code on the Jenkins master JVM. The connected advisories (GHSA-5R74-PGMQ-92MM and Red Hat RHSA-2019:0739) confirm a sand...

9.9CVSS9.7AI score0.01799EPSS

Exploits0References3Affected Software1

Cvelist•added 2019/03/08 9:0 p.m.•16 views

CVE-2019-1003034

9.8AI score0.01799EPSS

Exploits0References3

Positive Technologies•added 2019/03/08 12:0 a.m.•2 views

PT-2019-2302 · Jenkins · Jenkins Job Dsl Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job DSL Plugin versions 1.71 and earlier Description: A sandbox bypass issue exists that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. The vulnerability is related to error...

9.9CVSS9.4AI score0.01799EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by