Samrocketman Jervis

7 CVEs affecting Samrocketman Jervis. Latest disclosed: 2026-01-13. Critical: 0, High: 6.

Top CVEs affecting Samrocketman Jervis
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-68931 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulner… |
| CVE-2025-68704 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographical… |
| CVE-2025-68703 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encrypt… |
| CVE-2025-68702 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64… |
| CVE-2025-68701 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphra… |
| CVE-2025-68698 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenba… |
| CVE-2025-68925 | Medium | 5.3 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "al… |