HIGH🇬🇧 English

CVE-2022-1766

CVSS 7.5v3.1pub. 2022-07-20upd. 2024-11-21

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Anchore

    APP
    Anchore
    < 4.0.1
  • Anchore Anchorectl

    APP
    Anchore
    < 0.1.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-11075HIGH7.7ten sam vendor

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be...

CVE-2026-33481MEDIUM5.3ten sam vendor

Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images a...

CVE-2026-31959MEDIUM5.3ten sam vendor

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 conta...

CVE-2026-31960MEDIUM5.3ten sam vendor

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has u...

CVE-2026-31961MEDIUM5.5ten sam vendor

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 conta...