PT-2026-2493 · Jervis · Jervis

Published 2026-01-13 · Updated 2026-01-13 · CVE-2025-68698

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Jervis versions prior to 2.2

Description: Jervis, a library for Job DSL plugin scripts and shared Jenkins pipeline libraries, uses PKCS1Encoding, which is susceptible to Bleichenbacher padding oracle attacks. A Bleichenbacher padding oracle attack exploits weaknesses in the PKCS#1 v1.5 padding scheme used in certain cryptographic algorithms. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding) instead. This issue has been addressed in version 2.2.

Recommendations: Update Jervis to version 2.2 or later.
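
The padding change the description refers to, shown as an added example that is not Jervis code and not part of the original advisory. It assumes Bouncy Castle's lightweight API (bcprov on the classpath), a throwaway 2048-bit key, SHA-256 OAEP parameters and a hypothetical class name; it shows that a ciphertext produced with PKCS1Encoding is rejected by an OAEP decryptor, so stored secrets need a one-off re-encryption when a system switches padding.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.encodings.OAEPEncoding;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;

// Hypothetical demo class (not from Jervis); needs Bouncy Castle bcprov on the classpath.
public class PaddingMigration {
    // Weak: PKCS#1 v1.5 encryption padding, the scheme the advisory flags.
    static AsymmetricBlockCipher legacy() { return new PKCS1Encoding(new RSAEngine()); }
    // Hardened: OAEP; SHA-256 for both hash and MGF1 is an assumed parameter choice.
    static AsymmetricBlockCipher oaep() {
        return new OAEPEncoding(new RSAEngine(), new SHA256Digest(), new SHA256Digest(), null);
    }
    // Initialise the padded cipher for one direction and process a single block.
    static byte[] run(AsymmetricBlockCipher c, boolean encrypt, CipherParameters key, byte[] in)
            throws InvalidCipherTextException {
        c.init(encrypt, key);
        return c.processBlock(in, 0, in.length);
    }

    public static void main(String[] args) throws Exception {
        RSAKeyPairGenerator gen = new RSAKeyPairGenerator();
        gen.init(new RSAKeyGenerationParameters(BigInteger.valueOf(65537), new SecureRandom(), 2048, 100));
        AsymmetricCipherKeyPair kp = gen.generateKeyPair(); // throwaway key for the demo
        byte[] secret = "constructed-sample-secret".getBytes(StandardCharsets.UTF_8);

        byte[] oldCt = run(legacy(), true, kp.getPublic(), secret);
        byte[] newCt = run(oaep(), true, kp.getPublic(), secret);
        byte[] back = run(oaep(), false, kp.getPrivate(), newCt);
        System.out.println("OAEP round trip ok: " + Arrays.equals(secret, back));

        try { // an OAEP-only decryptor must not accept the legacy ciphertext
            run(oaep(), false, kp.getPrivate(), oldCt);
            System.out.println("unexpected: legacy ciphertext accepted");
        } catch (InvalidCipherTextException e) {
            // One-off migration: decrypt with the old padding, re-encrypt with OAEP.
            byte[] migrated = run(oaep(), true, kp.getPublic(), run(legacy(), false, kp.getPrivate(), oldCt));
            System.out.println("legacy ciphertext rejected; re-encrypted to " + migrated.length + " bytes");
        }
    }
}
```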

Exploit

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2025-68698
GHSA-MQW7-C5GG-XQ97

Affected Products

Jervis