Description
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2821
Related Vulnerabilities
CVE-2022-42920 Vulnerability in maven package org.apache.bcel:bcel
CVE-2015-5325 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-43419 Vulnerability in maven package org.jenkins-ci.plugins:katalon
CVE-2022-23616 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui
CVE-2022-43434 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner