Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
Permalink: https://github.com/advisories/GHSA-f2j5-w76m-3rqhJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-f2j5-w76m-3rqh, CVE-2022-41225
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-41225
- https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2821
- https://github.com/jenkinsci/anchore-container-scanner-plugin/commit/1b1a62ab8ab86b409274e755860ab4e7fcc11800
- https://github.com/advisories/GHSA-f2j5-w76m-3rqh
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:anchore-container-scanner
Affected Version Ranges: <= 1.0.24Fixed in: 1.0.25