ByteOS Network

NVD Vulnerability Details :

CVE-2025-68703

Analyzed

Source-security-advisories@github.com

Published At-13 Jan, 2026 | 20:16

Updated At-20 Jan, 2026 | 17:13

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

samrocketman>>jervis>>Versions before 2.2(exclusive)

cpe:2.3:a:samrocketman:jervis:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-326	Primary	security-advisories@github.com

CWE ID: CWE-326

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a	security-advisories@github.com	Patch
https://github.com/samrocketman/jervis/security/advisories/GHSA-36h5-vrq6-pp34	security-advisories@github.com	Patch Vendor Advisory

Hyperlink: https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/samrocketman/jervis/security/advisories/GHSA-36h5-vrq6-pp34

Source: security-advisories@github.com

Resource:

Patch

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History