Описание
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
Пакеты
Наименование
org.jenkins-ci.plugins:anchore-container-scanner
maven
Затронутые версииВерсия исправления
<= 1.0.24
1.0.25
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.