Product Overview
Product Name: Jenkins
Affected Component: Jervis (shared pipeline libraries and cryptographic helper logic)
Typical Deployment:
- Internet-facing or internally exposed CI/CD controller
- Integrated with SCMs, artifact repositories, cloud platforms, and secret stores
- Often trusted implicitly inside enterprise environments
Why This Is Sensitive
Jenkins is not just a build tool—it frequently becomes the central trust broker for automation. Any weakness in how it encrypts, stores, or generates secrets directly threatens:
- Source code integrity
- Production deployments
- Cloud credentials
- Supply-chain security
High-Level CVE Comparison
| CVE ID | Vulnerability Type | CVSS | Severity | Real-World Risk |
|---|---|---|---|---|
| CVE-2025-68931 | Padding oracle cryptographic flaw | 8.6 | High | Secret disclosure without credentials |
| CVE-2025-68704 | Weak random number generation | 7.8 | High | Token prediction and replay |
These two issues are independent but compounding. When chained, they significantly reduce the effort required to compromise Jenkins-managed secrets.
CVE-2025-68931 – Padding Oracle Cryptographic Weakness
What’s Actually Wrong
Jervis performs encryption using a block cipher mode that does not enforce message authenticity. When malformed encrypted data is processed:
- The system reacts differently depending on whether padding is correct or not
- These differences leak information through:
- Error messages
- HTTP response codes
- Processing time
This behavior creates a classic padding oracle.
How an Attacker Would Exploit This
- The attacker identifies an endpoint that processes encrypted Jervis data
- They send modified versions of a captured ciphertext
- Each request changes only a single byte
- The server’s response reveals whether padding was valid
- Using automation, the attacker:
- Works backward through the ciphertext
- Recovers the plaintext one byte at a time
This does not require:
- Valid credentials
- Access to encryption keys
- Insider privileges
What Can Be Recovered
- Stored API tokens
- Encrypted Jenkins credentials
- SCM access keys
- Pipeline secrets embedded in job configuration
Once secrets are recovered, attackers can impersonate Jenkins itself.
Proof-of-Concept Availability
- Publicly documented padding-oracle exploitation techniques apply directly
- Requires only basic scripting (Python or similar)
- Exploitation is deterministic and repeatable
- Suitable for automation and low-noise attacks
Important: This is not theoretical cryptography abuse—this is a well-understood and weaponized attack class.
CVE-2025-68704 – Non-Cryptographic Random Number Generator
What’s Actually Wrong
Jervis uses a non-cryptographically secure RNG for security-sensitive values such as:
- Tokens
- Initialization vectors
- Nonces
- Salts
These values can become predictable under observation.
How This Gets Exploited
- Attacker observes multiple generated values (tokens or encrypted blobs)
- Identifies predictable patterns (time-based or sequential output)
- Reconstructs RNG state
- Predicts:
- Future tokens
- Previously generated values
This allows attackers to:
- Forge valid authentication artifacts
- Replay encrypted payloads
- Bypass trust assumptions
Why This Is Worse Than It Sounds
Weak randomness doesn’t just weaken encryption—it invalidates it. Even strong algorithms fail when entropy is predictable.
Combined Attack Scenario
When both vulnerabilities exist:
- Padding oracle reveals partial plaintext
- Weak RNG helps fill in remaining unknowns
- Full secret recovery happens faster than brute force
This drastically lowers the skill level required for a successful attack.
MITRE ATT&CK Technique Mapping
| Technique | Description |
|---|---|
| T1190 | Exploitation of exposed Jenkins endpoints |
| T1552 | Extraction of stored credentials |
| T1040 | Observation of encrypted traffic behavior |
| T1606 | Forged tokens and authentication artifacts |
| T1556 | Abuse of authentication mechanisms |
Detection Strategy
Behavioral Indicators
- Repeated requests with nearly identical payload sizes
- One-byte variations between requests
- High frequency of failed decrypt operations
- Consistent error patterns during short time windows
Example Exploitation Pattern
- Ciphertext length remains constant
- Requests arrive in rapid bursts
- Each request differs by a single byte offset
- Responses alternate between two predictable outcomes
Detection Logic
Padding Oracle Detection
Look for repeated decryption failures
with consistent payload size
and small byte-level changes
within a short time frame
Weak RNG Abuse Detection
Identify token reuse
or predictable increments
across authentication or job execution logs
Recommended Log Sources
| Source | Purpose |
|---|---|
| Jenkins application logs | Error and exception patterns |
| Reverse proxy / load balancer logs | Repeated malformed requests |
| CI job audit logs | Unauthorized job triggers |
| Authentication logs | Token reuse or replay |
Official Patch / Upgrade
Vendor Action Required
- Upgrade the Jervis plugin to the latest officially patched version
- The patch:
- Replaces weak RNG with cryptographically secure randomness
- Implements authenticated encryption
- Removes distinguishable error behavior
Official Upgrade Source:
👉 https://plugins.jenkins.io/jervis/
Final Takeaway
These vulnerabilities don’t rely on exotic tricks. They exploit fundamental mistakes in cryptography and randomness, which attackers have abused for years. In Jenkins environments—where secrets are abundant and trust is implicit—this turns a single flaw into a full pipeline compromise.
Patching is not optional. Once exploited, there is no reliable way to prove secrets were not already stolen.
