GHSA-f2j5-w76m-3rqh

Source

https://github.com/advisories/GHSA-f2j5-w76m-3rqh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-f2j5-w76m-3rqh/GHSA-f2j5-w76m-3rqh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f2j5-w76m-3rqh

Aliases

CVE-2022-41225

Published

2022-09-22T00:00:28Z

Modified

2023-11-08T04:10:27.399849Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting

Details

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.

Database specific

{
    "nvd_published_at": "2022-09-21T16:15:00Z",
    "github_reviewed_at": "2022-09-23T13:27:10Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:anchore-container-scanner

Package

Name: org.jenkins-ci.plugins:anchore-container-scanner; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/anchore-container-scanner

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.25

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

Database specific

{
    "last_known_affected_version_range": "<= 1.0.24"
}