Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anchore vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-1766
Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl ...
Anchore Anchore
Anchore Anchorectl
7.5
CVSSv3
CVE-2023-24827
syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment var...
Anchore Syft 0.69.0
Anchore Syft 0.69.1
9.8
CVSSv3
CVE-2024-24579
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive t...
Anchore Stereoscope
9.9
CVSSv3
CVE-2020-11075
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an auth...
Anchore Engine 0.7.0
1 Github repository
6.5
CVSSv3
CVE-2018-1999033
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and previous versions in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the passwor...
Anchore Container Image Scanner
5.4
CVSSv3
CVE-2022-41225
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and previous versions does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
Jenkins Anchore Container Image Scanner
6.5
CVSSv3
CVE-2019-16542
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and previous versions stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Anchore Container Image Scanner
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started