Lucene search

4 matches found

Snyk
added 2026/01/13 2:51 p.m., 3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in SecurityIO.groovy. An attacker...

CVSS 8.7, AI score 6.8, EPSS 0.00202
Exploits: 0, References: 2
OSV
added 2026/01/13 2:51 p.m., 4 views

GHSA-CRXP-CHH4-9GHP: Jervis has Deterministic AES IV Derivation from Passphrase

Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L866-L874 ...

CVSS 8.7, AI score 6.8, EPSS 0.00202
Exploits: 0, References: 7
CNNVD
added 2026/01/13 12:0 a.m., 6 views

Jervis security vulnerability

Jervis is an automation tool from the individual developer Sam Gleske. A security vulnerability exists in versions prior to Jervis 2.2 that stems from the deterministic derivation of AES IV from passwords, which could lead to cryptographic vulnerabilities...

CVSS 8.7, AI score 5.8, EPSS 0.00202
Exploits: 0, References: 3
OSV
added 2025/02/28 3:32 p.m., 7 views

OESA-2025-1191: edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during th...

CVSS 7.5, AI score 6.8, EPSS 0.03332
Exploits: 0, References: 4