Skip to main content

Anchore Container Image Scanner

2 CVEs product

Monthly

CVE-2022-41225 Maven MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchore Container Image Scanner
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16542 Maven MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Anchore Container Image Scanner
NVD
CVSS 3.1
6.5
EPSS
0.9%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchore Container Image Scanner
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Anchore Container Image Scanner
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy