GHSA-w9v7-7mq5-p27c

Source

https://github.com/advisories/GHSA-w9v7-7mq5-p27c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w9v7-7mq5-p27c/GHSA-w9v7-7mq5-p27c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w9v7-7mq5-p27c

Aliases

CVE-2018-1999033

Published

2022-05-13T01:30:26Z

Modified

2023-11-08T04:00:09.853620Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin

Details

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration.

Database specific

{
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "github_reviewed_at": "2022-05-26T18:47:05Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:anchore-container-scanner

Package

Name: org.jenkins-ci.plugins:anchore-container-scanner; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/anchore-container-scanner

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.17

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16