44 matches found
CVE-2025-68925
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68704
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68702
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...
CVE-2025-68703
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...
CVE-2025-68931
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
CVE-2025-68698
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
CVE-2025-68698
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
CVE-2025-68704
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68701
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...
CVE-2025-68703
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...
CVE-2025-68931
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
CVE-2025-68925
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68702
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...
CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68704
CVE-2025-68704 concerns the Jervis library used by Jenkins Job DSL plugin scripts and shared pipelines. Prior to version 2.2, Jervis relies on java.util.Random() for timing attack mitigation, which is not cryptographically secure. The vulnerability, fixed in 2.2, can affect timing-related defense...
CVE-2025-68703
CVE-2025-68703 affects the Jervis library used with Jenkins Job DSL and shared pipelines. Prior to version 2.2, the salt for PBKDF2 is derived from the SHA-256 hash of the passphrase, causing two encryption operations using the same password to yield the same derived key. This design enables pre-...