Description
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.
References
https://github.com/samrocketman/jervis/security/advisories/GHSA-gxp5-mv27-vjcj
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2026-01-13T20:16:07.980Z
1 week agoLast modified
2026-01-20T17:37:47.087Z
9 hours ago