CVE-2022-41225 – org.jenkins-ci.plugins:anchore-container-scanner
Package
Manager: maven
Name: org.jenkins-ci.plugins:anchore-container-scanner
Vulnerable Version: >=0 <1.0.25
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.07556 (percentile: 0.91457)
Details
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross-site scripting
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses from the Anchore engine.
Metadata
Created: 2022-09-22T00:00:28Z
Modified: 2022-12-05T22:10:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-f2j5-w76m-3rqh/GHSA-f2j5-w76m-3rqh.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-f2j5-w76m-3rqh
Finding: F425
Auto approve: 1