How severe is CVE-2025-68701?

The severity of CVE-2025-68701 has not been assessed with CVSS v3.

CVE-2025-68701

NONE

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.

Veröffentlicht: 1/13/2026Aktualisiert: 1/14/2026

Beschreibung

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.

KI-AnalyseKI-gestützt

Referenzen

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
https://github.com/samrocketman/jervis/security/advisories/GHSA-crxp-chh4-9ghp