Samrocketman Jervis
7 CVEs affecting Samrocketman Jervis. Latest disclosed: 2026-01-13. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-68931 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulner… |
| CVE-2025-68704 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographical… |
| CVE-2025-68703 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encrypt… |
| CVE-2025-68702 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64… |
| CVE-2025-68701 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphra… |
| CVE-2025-68698 | High | 7.5 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenba… |
| CVE-2025-68925 | Medium | 5.3 | 2026-01-13 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "al… |