12 matches found
EUVD-2020-3443
Malware in sbrugna...
CVE-2022-41225
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control API responses by Anchore engine...
CVE-2020-11075
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins...
EUVD-2022-6786
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control API responses by Anchore engine...
Anchore Engine - A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore Documentation The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore...
Anchore Engine Command Execution Vulnerability
Anchore Engine is an open source service from US-based Anchore that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and authentication. A security vulnerability exists in Anchore Engine version 0.7.0. An attacker can exploit the...
CVE-2020-11075
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...
CVE-2020-11075
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...
Design/Logic Flaw
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...
CVE-2020-11075 Shell Escape in Anchore Engine
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...
CVE-2020-11075
CVE-2020-11075 affects Anchore Engine 0.7.0. A specially crafted container image manifest fetched from a registry can trigger a shell escape in the anchore engine analyzer service during image analysis. Exploitation requires an authenticated API request or manipulation of a monitored image’s mani...