CVE-2022-1766
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.
Anchorectl versión 0.1.4, almacena inapropiadamente las credenciales cuando genera una lista de materiales de software. anchorectl añadirá las credenciales usadas para acceder a la API de Anchore Enterprise en la lista de materiales de software (SBOM) generada por anchorectl. Los usuarios de anchorectl versión 0.1.4, deben actualizar a anchorectl versión 0.1.5 para resolver este problema
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-17 CVE Reserved
- 2022-07-20 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.anchore.com/current/docs/releasenotes/401 | 2022-07-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Anchore Search vendor "Anchore" | Anchore Search vendor "Anchore" for product "Anchore" | < 4.0.1 Search vendor "Anchore" for product "Anchore" and version " < 4.0.1" | enterprise |
Affected
| ||||||
| Anchore Search vendor "Anchore" | Anchorectl Search vendor "Anchore" for product "Anchorectl" | < 0.1.5 Search vendor "Anchore" for product "Anchorectl" and version " < 0.1.5" | - |
Affected
| ||||||