HIGH🇵🇱 Wersja polska

CVE-2022-1766

CVSS 7.5v3.1pub. 2022-07-20upd. 2024-11-21

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Anchore

    APP
    Anchore
    < 4.0.1
  • Anchore Anchorectl

    APP
    Anchore
    < 0.1.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-11075HIGH7.7ten sam vendor

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be...

CVE-2026-33481MEDIUM5.3ten sam vendor

Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images a...

CVE-2026-31959MEDIUM5.3ten sam vendor

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 conta...

CVE-2026-31960MEDIUM5.3ten sam vendor

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has u...

CVE-2026-31961MEDIUM5.5ten sam vendor

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 conta...