org.jenkins-ci.plugins:anchore-container-scanner

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:anchore-container-scannerpage 1 of 1

CVE-2018-1999033MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.0.17
2018-08-01
vulnerable: 1.0.0 ... 1.0.9 (17 versions)
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenki…
CVE-2019-16542MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.0.20
2019-11-21
vulnerable: 1.0.0 ... 1.0.9 (20 versions)
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file sy…
CVE-2022-41225MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.0.25
2022-09-21
vulnerable: 1.0.0 ... 1.0.9 (25 versions)
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API respo…

Check whether org.jenkins-ci.plugins:anchore-container-scanner is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:anchore-container-scanner CVEs against the assets you own.

Start Free Scan →