CVE-2025-68702

High CVSS: 8.7

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2.

Vendor

Samrocketman

Product

Jervis

CWE

CWE-327

Yayın Tarihi

2026-01-13 20:16:07

Güncelleme

2026-01-20 17:13:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-327 Jervis HIGH Samrocketman 2026

Referanslar

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://github.com/samrocketman/jervis/security/advisories/GHSA-67rj-pjg6-pq59

Benzer Kayıtlar

High

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Enc…

High

CVE-2025-68701

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses determin…

High

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived…

High

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.uti…

Medium

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't val…

High

CVE-2025-68931

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding…