Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.
References
Link | Resource |
---|---|
https://docs.anchore.com/current/docs/releasenotes/401/ | Release Notes Vendor Advisory |
https://docs.anchore.com/current/docs/releasenotes/401/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.anchore.com/current/docs/releasenotes/401/ - Release Notes, Vendor Advisory |
27 Jul 2022, 21:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:anchore:anchore:*:*:*:*:enterprise:*:*:* cpe:2.3:a:anchore:anchorectl:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://docs.anchore.com/current/docs/releasenotes/401/ - Release Notes, Vendor Advisory | |
CWE | CWE-522 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
20 Jul 2022, 17:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-20 16:15
Updated : 2024-11-21 06:41
NVD link : CVE-2022-1766
Mitre link : CVE-2022-1766
CVE.ORG link : CVE-2022-1766
JSON object : View
Products Affected
anchore
- anchorectl
- anchore
CWE
CWE-522
Insufficiently Protected Credentials