VYPR
Unrated severityNVD Advisory· Published Jul 20, 2022· Updated Sep 16, 2024

CVE-2022-1766

CVE-2022-1766

Description

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.

Affected products

3
  • Range: =0.1.4
  • Anchore Inc./AnchoreCTLv5
    Range: unspecified
  • Anchore Inc./Anchore Enterprisev5
    Range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.