6 matches found
CVE-2025-68704
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68931
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
PT-2026-2495
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...
VApps: Verifiable Applications at Internet Scale
Blockchain technology promises a decentralized, trustless, and interoperable infrastructure. However, widespread adoption remains hindered by issues such as limited scalability, high transaction costs, and the complexity of maintaining coherent verification logic across different blockchain layer...
Progent: Programmable Privilege Control for LLM Agents
LLM agents are an emerging form of AI systems where large language models LLMs serve as the central component, utilizing a diverse set of tools to complete user-assigned tasks. Despite their great potential, LLM agents pose significant security risks. When interacting with the external world, the...
CVE-2022-29049
Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name...