CVE-2022-1766

CVE-2022-1766

Vendor Anchore Inc.
Product Anchore Enterprise
Weakness CWE-522 · Insufficiently protected credentials
Published July 20, 2022
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.

Key dates

02Disclosure timeline

July 20, 2022 CVE published
September 16, 2024 Record updated