Medium severity 5.4 · NVD Advisory · Published Sep 21, 2022 · Updated Jun 17, 2026
CVE-2022-41225
Description
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:anchore-container-scanner (Maven) | < 1.0.25 | 1.0.25 |
Affected products (2)
- Range: unspecified
References (4)
News mentions (1)
- Jenkins Security Advisory 2022-09-21 (Jenkins Security Advisories · Sep 21, 2022)