VYPR

Maven package

org.jenkins-ci.plugins/anchore-container-scanner

pkg:maven/org.jenkins-ci.plugins/anchore-container-scanner

Vulnerabilities (3)

  • CVE-2022-41225MedSep 21, 2022
    affected < 1.0.25fixed 1.0.25

    Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.

  • CVE-2019-16542MedNov 21, 2019
    affected < 1.0.20fixed 1.0.20

    Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2018-1999033MedAug 1, 2018
    affected < 1.0.17fixed 1.0.17

    An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored i