CVE-2025-68701
Jervis has Deterministic AES IV Derivation from Passphrase
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
samrocketman · jervisWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →