漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Jervis has AES CBC Mode Without Authentication
Vulnerability Description
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Jervis 加密问题漏洞
Vulnerability Description
Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在加密问题漏洞,该漏洞源于AES/CBC/PKCS5Padding缺乏身份验证,容易受到填充预言攻击和密文操纵。
CVSS Information
N/A
Vulnerability Type
N/A