Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X

Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.

Permalink: https://github.com/advisories/GHSA-f2j5-w76m-3rqh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago


CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00054
EPSS Percentile: 0.23527

Identifiers: GHSA-f2j5-w76m-3rqh, CVE-2022-41225
References: Repository: https://github.com/jenkinsci/anchore-container-scanner-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:anchore-container-scanner
Affected Version Ranges: <= 1.0.24
Fixed in: 1.0.25