Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the API responses returned by the Anchore engine.
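The root cause described above is a trust boundary mistake: data returned by an upstream service (the Anchore engine) is copied into the Jenkins build page as HTML without escaping, so whoever can influence that service's responses can store script that runs in the browser of anyone viewing the report. The following Python is an added illustration written for this page, not code from the plugin (which is written in Java) or from Anchore; the engine response and its field names are constructed sample data, not the real Anchore API schema. It shows the unsafe rendering pattern next to the escaped equivalent.

```python
import html
import json

# Constructed sample of an Anchore engine API response (not real data and
# not the real API schema): one vulnerability record whose "description"
# field carries an HTML payload. Any field the plugin copies into its
# report is attacker-influenced if the attacker controls the engine
# endpoint or can tamper with its responses.
SAMPLE_ENGINE_RESPONSE = json.dumps({
    "vulnerabilities": [
        {
            "vuln": "CVE-0000-0000",
            "severity": "High",
            "package": "libexample-1.0",
            "description": "Example finding <script>alert(document.cookie)</script>",
        }
    ]
})


def render_vulnerable(engine_response: str) -> str:
    """Report fragment built the unsafe way: engine-supplied strings are
    concatenated into HTML verbatim, so any markup they contain is parsed
    and executed by the browser of whoever opens the build page (stored XSS)."""
    rows = []
    for v in json.loads(engine_response)["vulnerabilities"]:
        rows.append(
            f"<tr><td>{v['vuln']}</td><td>{v['severity']}</td>"
            f"<td>{v['package']}</td><td>{v['description']}</td></tr>"
        )
    return "<table>" + "".join(rows) + "</table>"


def render_escaped(engine_response: str) -> str:
    """Hardened equivalent: every engine-supplied value passes through an
    HTML escaper before it is placed in the markup. quote=True also escapes
    ' and ", so the values would be safe inside attribute values, not only
    inside text nodes."""
    def esc(value) -> str:
        return html.escape(str(value), quote=True)

    rows = []
    for v in json.loads(engine_response)["vulnerabilities"]:
        rows.append(
            f"<tr><td>{esc(v['vuln'])}</td><td>{esc(v['severity'])}</td>"
            f"<td>{esc(v['package'])}</td><td>{esc(v['description'])}</td></tr>"
        )
    return "<table>" + "".join(rows) + "</table>"


def contains_raw_markup(fragment: str, payload_tag: str = "<script") -> bool:
    """Check whether a rendered fragment still contains an unescaped tag
    that originated in the engine data. The report's own <table>/<tr>/<td>
    tags are expected; a live <script> tag is not."""
    return payload_tag in fragment.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_ENGINE_RESPONSE))
    print("escaped:   ", render_escaped(SAMPLE_ENGINE_RESPONSE))
```

In a real Jenkins plugin the rendering usually happens in Jelly views rather than in string concatenation; the same rule applies there: values interpolated with `${...}` in a view that declares `escape-by-default='true'` are escaped, while output emitted through `<j:out>` or with escaping disabled is not. Operators should confirm the installed plugin version is 1.0.25 or later rather than rely on trusting the engine endpoint.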
Permalink: https://github.com/advisories/GHSA-f2j5-w76m-3rqh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago
CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00054
EPSS Percentile: 0.23527
Identifiers: GHSA-f2j5-w76m-3rqh, CVE-2022-41225
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-41225
- https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2821
- https://github.com/jenkinsci/anchore-container-scanner-plugin/commit/1b1a62ab8ab86b409274e755860ab4e7fcc11800
- https://github.com/advisories/GHSA-f2j5-w76m-3rqh
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:anchore-container-scanner
Affected Version Ranges: <= 1.0.24
Fixed in: 1.0.25