CVE-2022-1766

HIGH

Anchore < 4.0.1 - Insufficiently Protected Credentials

Title source: rule

Description

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials (SBOM). anchorectl adds the credentials used to access the Anchore Enterprise API to the SBOM it generates. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.

Scores

CVSS v3 7.5
EPSS 0.0028
EPSS Percentile 50.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE CWE-522
Status published

Affected Products (2)

anchore/anchore < 4.0.1
anchore/anchorectl < 0.1.5

Timeline

Published Jul 20, 2022
Tracked Since Feb 18, 2026