CVE-2025-68704
Jervis has a Weak Random for Timing Attack Mitigation
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
samrocketman · jervis¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →