Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.6 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.8AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 7:25 p.m.7 views

CVE-2025-68931

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.11 views

PT-2026-2495

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00147EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.6 views

VApps: Verifiable Applications at Internet Scale

Blockchain technology promises a decentralized, trustless, and interoperable infrastructure. However, widespread adoption remains hindered by issues such as limited scalability, high transaction costs, and the complexity of maintaining coherent verification logic across different blockchain layer...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/15 12:0 a.m.6 views

Progent: Programmable Privilege Control for LLM Agents

LLM agents are an emerging form of AI systems where large language models LLMs serve as the central component, utilizing a diverse set of tools to complete user-assigned tasks. Despite their great potential, LLM agents pose significant security risks. When interacting with the external world, the...

7.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.5 views

CVE-2022-29049

Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name...

5.4CVSS6.1AI score0.00784EPSS
Exploits0References2
Rows per page
Query Builder