CVE-2025-68931 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnera…
High CVSS: 8.7

CVE-2025-68931

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.
Vendor
Samrocketman
Product
Jervis
CWE
CWE-287
Yayın Tarihi
2026-01-13 20:16:07
Güncelleme
2026-01-20 17:37:47
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-287 Jervis HIGH Samrocketman 2026

Referanslar

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://github.com/samrocketman/jervis/security/advisories/GHSA-gxp5-mv27-vjcj