Description
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.
References
https://github.com/samrocketman/jervis/security/advisories/GHSA-crxp-chh4-9ghp
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2026-01-13T20:16:07.237Z
1 week agoLast modified
2026-01-20T17:12:33.680Z
10 hours ago