📦 Jervis
by Samrocketman
🛡️ Security Overview
⚠️ Known Vulnerabilities
Jervis versions before 2.2 use vulnerable PKCS1Encoding for RSA encryption, making them susceptible to Bleichenbacher padding oracle attacks. This could allow attackers to decrypt sensitive data or fo...
Jervis versions before 2.2 use deterministic AES initialization vectors derived from passphrases, making encrypted data vulnerable to cryptographic attacks. This affects organizations using Jervis for...
Jervis versions before 2.2 incorrectly use 32-character padding instead of 64-character padding for SHA-256 hashes, which could lead to hash collisions and security bypasses. This affects Jenkins pipe...
Jervis (a library for Jenkins pipeline scripts) uses a weak key derivation method where the same password always produces the same encryption key. This allows attackers who obtai...
Jervis versions before 2.2 use java.util.Random() for timing attack mitigation, which is not cryptographically secure. This vulnerability could allow attackers to predict random values and potentially...
CVE-2025-68931 is a cryptographic vulnerability in Jervis library versions before 2.2 where AES/CBC/PKCS5Padding lacks authentication, enabling padding oracle attacks and ciphertext manipulation. This...
Jervis versions before 2.2 fail to validate JWT algorithm headers, allowing attackers to forge tokens using weaker algorithms like 'none' or HMAC. This affects Jenkins pipeline users who rely on Jervi...