CVE-2022-1766

Summary

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.

Affected Software

VendorProductVersion RangeStatus
Anchore Inc.Anchore Enterpriseunspecified < 4.0.1affected
Anchore Inc.AnchoreCTLunspecified < 0.1.5affected

Weaknesses

  • CWE-522: CWE-522: Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References