CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2.

Published Jan 14, 2026

https://github.com/advisories/GHSA-5pq9-5mpr-jj85

CVSS ScoreMedium

5.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2.

Published Jan 14, 2026

https://github.com/advisories/GHSA-5pq9-5mpr-jj85

CVSS ScoreMedium

5.3


maven	io.jenkins.plugins/scm-filter-jervis	0.1
maven	io.jenkins.plugins/scm-filter-jervis	0.2.1
maven	io.jenkins.plugins/scm-filter-jervis	0.2
maven	io.jenkins.plugins/scm-filter-jervis	0.3
maven	io.jenkins.plugins/scm-filter-jervis	1.7-56.v183370d2a_b_5a_
maven	io.jenkins.plugins/scm-filter-jervis	2.0-58.va_ffb_2b_a_8e925
maven	io.jenkins.plugins/scm-filter-jervis	2.0-66.vc21d0c1d936d
maven	io.jenkins.plugins/scm-filter-jervis	2.0.1-68.v738626177078
maven	net.gleske/jervis	0.10
maven	net.gleske/jervis	0.11
maven	net.gleske/jervis	0.12
maven	net.gleske/jervis	0.13
maven	net.gleske/jervis	0.1
maven	net.gleske/jervis	0.2
maven	net.gleske/jervis	0.3
maven	net.gleske/jervis	0.4
maven	net.gleske/jervis	0.5.1
maven	net.gleske/jervis	0.5.2
maven	net.gleske/jervis	0.5
maven	net.gleske/jervis	0.6
maven	net.gleske/jervis	0.7
maven	net.gleske/jervis	0.8
maven	net.gleske/jervis	0.9
maven	net.gleske/jervis	1.0
maven	net.gleske/jervis	1.1
maven	net.gleske/jervis	1.2
maven	net.gleske/jervis	1.3
maven	net.gleske/jervis	1.4
maven	net.gleske/jervis	1.5
maven	net.gleske/jervis	1.6
maven	net.gleske/jervis	1.7
maven	net.gleske/jervis	2.0.1
maven	net.gleske/jervis	2.0
maven	net.gleske/jervis	2.1

Ecosystem	Package	Version


maven	io.jenkins.plugins/scm-filter-jervis	0.1
maven	io.jenkins.plugins/scm-filter-jervis	0.2.1
maven	io.jenkins.plugins/scm-filter-jervis	0.2
maven	io.jenkins.plugins/scm-filter-jervis	0.3
maven	io.jenkins.plugins/scm-filter-jervis	1.7-56.v183370d2a_b_5a_
maven	io.jenkins.plugins/scm-filter-jervis	2.0-58.va_ffb_2b_a_8e925
maven	io.jenkins.plugins/scm-filter-jervis	2.0-66.vc21d0c1d936d
maven	io.jenkins.plugins/scm-filter-jervis	2.0.1-68.v738626177078
maven	net.gleske/jervis	0.10
maven	net.gleske/jervis	0.11
maven	net.gleske/jervis	0.12
maven	net.gleske/jervis	0.13
maven	net.gleske/jervis	0.1
maven	net.gleske/jervis	0.2
maven	net.gleske/jervis	0.3
maven	net.gleske/jervis	0.4
maven	net.gleske/jervis	0.5.1
maven	net.gleske/jervis	0.5.2
maven	net.gleske/jervis	0.5
maven	net.gleske/jervis	0.6
maven	net.gleske/jervis	0.7
maven	net.gleske/jervis	0.8
maven	net.gleske/jervis	0.9
maven	net.gleske/jervis	1.0
maven	net.gleske/jervis	1.1
maven	net.gleske/jervis	1.2
maven	net.gleske/jervis	1.3
maven	net.gleske/jervis	1.4
maven	net.gleske/jervis	1.5
maven	net.gleske/jervis	1.6
maven	net.gleske/jervis	1.7
maven	net.gleske/jervis	2.0.1
maven	net.gleske/jervis	2.0
maven	net.gleske/jervis	2.1

Find vulnerabilities. Fix fast with AI.

CVE-2025-68925

CVE-2025-68925