Vulnerabilities > Anchore

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2024-24579 Path Traversal vulnerability in Anchore Stereoscope
stereoscope is a Go library for processing container images and simulating a squash filesystem.
network
low complexity
anchore CWE-22
critical
9.8
2023-02-07 CVE-2023-24827 Information Exposure Through Log Files vulnerability in Anchore Syft 0.69.0/0.69.1
syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
network
low complexity
anchore CWE-532
7.5
2022-07-20 CVE-2022-1766 Insufficiently Protected Credentials vulnerability in Anchore and Anchorectl
Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials.
network
low complexity
anchore CWE-522
7.5
2020-05-27 CVE-2020-11075 Unspecified vulnerability in Anchore Engine 0.7.0
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process.
network
low complexity
anchore
critical
9.9
2018-08-01 CVE-2018-1999033 Information Exposure vulnerability in Anchore Container Image Scanner
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration.
network
low complexity
anchore CWE-200
6.5