exploitDog

CVE-2025-68703

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2.

Ссылки

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
Patch
https://github.com/samrocketman/jervis/security/advisories/GHSA-36h5-vrq6-pp34
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samrocketman:jervis:*:*:*:*:*:*:*:*

Версия до 2.2 (исключая)

EPSS

Процентиль: 1%

0.0001

Низкий

7.5 High

CVSS3

Дефекты

CWE-326

Связанные уязвимости

GHSA-36h5-vrq6-pp34

CVSS3: 7.5

github

25 дней назад

Jervis's Salt for PBKDF2 derived from password

EPSS

Процентиль: 1%

0.0001

Низкий

7.5 High

CVSS3

Дефекты

CWE-326