CVE 8.7 HIGH

Jervis has AES CBC Mode Without Authentication_CVE-2025-68931

January 13, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.

AI Analysis

AES CBC Mode lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation.

Basic Information

ID CVE-2025-68931

Source GitHub_M

Published Jan 13, 2026 at 19:17

Affected Product

Vendor samrocketman

Product jervis

Version < 2.2

Affected Versions samrocketman jervis < 2.2

CWE Classification

CWE-287 CWE-327

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor samrocketman

Product jervis

Version < 2.2

References

{
    "lastseen": "",
    "description": "Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.",
    "published": "2026-01-13T19:17:26.920Z",
    "modified": "2026-01-13T19:17:26.920Z",
    "type": "cve",
    "title": "Jervis has AES CBC Mode Without Authentication",
    "source": "GitHub_M",
    "references": "https://github.com/samrocketman/jervis/security/advisories/GHSA-gxp5-mv27-vjcj\nhttps://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a",
    "id": "CVE-2025-68931",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "samrocketman jervis < 2.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jervis",
    "version": "< 2.2",
    "vendor": "samrocketman",
    "ai_description": "AES CBC Mode lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation.",
    "ai_severity": "High",
    "ai_vendor": "samrocketman",
    "ai_product": "jervis",
    "ai_version": "< 2.2",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply