CVE-2022-1766

7.5 HIGH

📋 TL;DR

Anchore Enterprise anchorectl version 0.1.4 writes the credentials it uses to authenticate to the Anchore Enterprise API into the Software Bill of Materials (SBOM) files it generates. Anyone who can read an SBOM produced by this version can recover working API credentials. Only anchorectl 0.1.4 is affected; upgrading to 0.1.5 stops new SBOMs from carrying credentials, but files already generated remain sensitive until they are regenerated and the credentials rotated.

💻 Affected Systems

Products:
  • Anchore Enterprise anchorectl
Versions: 0.1.4 only
Operating Systems: All platforms running anchorectl
Default Config Vulnerable: ⚠️ Yes
Notes: Only SBOM files generated by anchorectl 0.1.4 carry the credentials. The exposure is of the API credentials configured for that client; the Anchore Enterprise server itself is not changed by this issue, but any account used with anchorectl 0.1.4 must be treated as exposed.

📦 What is this software?

anchorectl is the command-line client for Anchore Enterprise. It generates SBOMs for container images and submits them to the Anchore Enterprise API for vulnerability and policy evaluation, authenticating with the credentials configured for the client. Because SBOMs are meant to be shared downstream, a credential written into one travels with it.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who obtains an SBOM generated by anchorectl 0.1.4 recovers valid API credentials and authenticates to Anchore Enterprise as the account that ran anchorectl. With that account's permissions they can read sensitive container image analysis data and potentially tamper with the scanning results that downstream pipelines trust.

🟠 Likely Case

SBOMs are routinely shared: attached to build artifacts, pushed to registries, committed to repositories or handed to customers. Internal users or automation copy a 0.1.4-generated SBOM to such a location without realizing it contains credentials, and the credentials leak to whoever can read it.

🟢 If Mitigated

If SBOMs are kept in access-controlled storage, exposure is limited to people who could already read them. The credentials are still embedded in every file 0.1.4 generated, so rotation and regeneration remain necessary.

🌐 Internet-Facing: MEDIUM - SBOMs are often published with releases or uploaded to public registries; a published 0.1.4-generated SBOM exposes the credentials to everyone.
🏢 Internal Only: HIGH - Any internal user or system with read access to the SBOM files can recover the credentials, and SBOMs are rarely handled as secrets.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Reading a generated SBOM file is enough to recover the credentials.

Exploitation requires only read access to an SBOM file generated by anchorectl 0.1.4; no interaction with anchorectl or Anchore Enterprise is needed to extract the credentials, and the leaked credentials are then used against the API like any legitimate client's.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.5

Vendor Advisory: https://docs.anchore.com/current/docs/releasenotes/401/

Restart Required: No

Instructions:

1. Download anchorectl version 0.1.5 (or later) from official Anchore sources.
2. Replace the existing anchorectl binary on every build host and CI runner that uses it.
3. Confirm the upgrade with the 'anchorectl version' command.
4. Rotate the Anchore Enterprise credentials that were configured for anchorectl 0.1.4, then regenerate and replace every SBOM that version produced; upgrading does not clean files already written.

🔧 Temporary Workarounds

Manual credential removal from SBOMs (platform: all)

Inspect existing SBOM files for credential data and remove it before the files are shared or stored. The pattern below is only a first pass: also search for the literal username and password configured for anchorectl, and treat any file that has already left your control as a credential leak that requires rotation, not just cleanup.

grep -lis -E 'password|passwd|token|credential|authorization' *.json *.spdx *.xml

Restrict SBOM file access (platform: linux)

Until the affected files are regenerated, apply strict permissions and ownership to SBOMs generated with the vulnerable version. Use root or the service account that must read them as the owner.

chmod 600 *.json *.spdx
chown root:root *.json *.spdx

🧯 If You Can't Patch

  • Rotate every Anchore Enterprise credential that was configured for anchorectl 0.1.4; this is the only step that neutralizes copies of the SBOMs you can no longer reach
  • Treat all SBOMs produced by 0.1.4 as secret material: locate them, remove credential data or delete them, and regenerate them with a patched version as soon as one can be installed

🔍 How to Verify

Check if Vulnerable:

Run 'anchorectl version'. If it reports 0.1.4, every SBOM produced by that installation must be treated as containing credentials. Independently, inspect SBOM files for the configured username, password or token strings, since a file may have been generated on another host running the vulnerable version.

Check Version:

anchorectl version

Verify Fix Applied:

Confirm 'anchorectl version' reports 0.1.5 or later, generate a fresh SBOM and confirm the configured credentials appear nowhere in the output (for example by grepping the file for the literal password). Then confirm the old credentials have been rotated and that no SBOM generated by 0.1.4 remains in shared storage.
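The workaround above (grep for credential-like strings) and the verification step both come down to inspecting SBOM content for embedded secrets. The script below is an added example for this advisory, not Anchore's code: it walks a parsed JSON SBOM (Syft JSON, CycloneDX JSON, SPDX JSON) and flags leaves whose key name or value shape looks like a credential, then produces a redacted copy for files that must be kept. The sample SBOM is constructed, and the location of the planted credentials (a "configuration" block under the tool descriptor) is an assumption for the example; the page does not state where anchorectl 0.1.4 actually wrote them, which is why the scanner matches broadly rather than on one field.

```python
"""Find and redact credential-like data in SBOM files written by a vulnerable anchorectl.

Added example for this advisory, not Anchore code. Where anchorectl 0.1.4 placed the
credentials inside the SBOM is not stated on this page, so the scanner matches broadly
on key names and value shapes rather than on one known field.
"""
import json
import re
import sys
from typing import Any, Iterator

# Key names that commonly hold secrets (matched case-insensitively on the JSON key).
SUSPICIOUS_KEY = re.compile(
    r"password|passwd|secret|token|credential|api[_-]?key|authorization", re.I
)
# Value shapes: "Basic xxxx" / "Bearer xxxx" headers and user:pass@ embedded in URLs.
SUSPICIOUS_VALUE = re.compile(
    r"\b(?:basic|bearer)\s+[A-Za-z0-9+/=._-]{8,}|://[^/\s:@]+:[^/\s@]+@", re.I
)


def walk(node: Any, path: str = "$", key: str = "") -> Iterator[tuple[str, str, Any]]:
    """Yield (json_path, nearest_key, value) for every scalar leaf in a parsed SBOM."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]", key)
    else:
        yield path, key, node


def looks_like_credential(key: str, value: Any) -> bool:
    return bool(SUSPICIOUS_KEY.search(key)) or (
        isinstance(value, str) and bool(SUSPICIOUS_VALUE.search(value))
    )


def find_credentials(sbom: Any) -> list[str]:
    """Return the JSON paths of leaves whose key or value looks like a credential."""
    return [path for path, key, value in walk(sbom) if looks_like_credential(key, value)]


def redact(sbom: Any) -> Any:
    """Return a deep copy of the SBOM with every flagged leaf replaced by a marker.

    Works on a copy so the original file can be preserved as evidence.
    """
    clean = json.loads(json.dumps(sbom))

    def _scrub(node: Any, key: str = "") -> None:
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for k, v in items:
            leaf_key = k if isinstance(node, dict) else key
            if isinstance(v, (dict, list)):
                _scrub(v, leaf_key)
            elif looks_like_credential(leaf_key, v):
                node[k] = "[REDACTED]"

    if isinstance(clean, (dict, list)):
        _scrub(clean)
    return clean


def scan_file(filename: str) -> list[str]:
    """Scan one file. JSON SBOMs are walked structurally; anything else
    (SPDX tag-value, CycloneDX XML) falls back to a per-line pattern check."""
    with open(filename, encoding="utf-8") as fh:
        text = fh.read()
    try:
        return find_credentials(json.loads(text))
    except json.JSONDecodeError:
        return [
            f"line {n}"
            for n, line in enumerate(text.splitlines(), 1)
            if SUSPICIOUS_VALUE.search(line) or SUSPICIOUS_KEY.search(line)
        ]


# Constructed sample: a Syft-style JSON SBOM with credentials planted in the tool
# descriptor block. The field names under "configuration" are an assumption for
# this example, not a statement of what anchorectl 0.1.4 actually wrote.
SAMPLE_SBOM = {
    "artifacts": [{"name": "openssl", "version": "1.1.1n", "type": "deb"}],
    "source": {"type": "image", "target": {"userInput": "registry.example.internal/app:1.0"}},
    "descriptor": {
        "name": "anchorectl",
        "version": "0.1.4",
        "configuration": {
            "url": "https://anchore.example.internal:8228",
            "username": "svc-sbom",
            "password": "constructed-not-a-real-secret",
            "registry": {"auth": "https://svc-sbom:constructed@registry.example.internal"},
        },
    },
}

if __name__ == "__main__":
    # Usage: python sbom_scrub.py file.json [more files...]; no arguments scans the sample.
    for name in sys.argv[1:] or ["<sample>"]:
        hits = find_credentials(SAMPLE_SBOM) if name == "<sample>" else scan_file(name)
        print(f"{name}: {len(hits)} suspicious leaf/leaves", *hits, sep="\n  ")
```

Hits are triage, not proof: a package named after a token library will match the key pattern, and a credential stored under an innocuous key will be missed unless you also grep for the literal configured username and password. Redaction of a file that has already been shared does not reduce exposure; the credentials still need rotating.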

📡 Detection & Monitoring

Log Indicators:

  • Build or CI logs showing anchorectl 0.1.4 generating SBOMs, to scope which files and which credentials are affected
  • Anchore Enterprise API authentications by the account configured for anchorectl from hosts other than the build systems that normally run it, and authentication failures for that account after it has been rotated

Network Indicators:

  • API requests to Anchore Enterprise from source addresses not previously seen for the anchorectl account, particularly from outside the build network

SIEM Query:

source="anchorectl" AND "SBOM" AND ("credentials" OR "token" OR "password")

This query only locates generation activity in anchorectl logs. The higher-value search is against the Anchore Enterprise API authentication logs: filter to the affected account and to source addresses outside the networks where anchorectl normally runs (field names depend on your log pipeline).
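The "new IPs" indicator above is a baseline-and-deviation check. The script below is an added example for this advisory, not Anchore's code: it learns which source addresses the anchorectl account used before a cutoff (the date the vulnerable SBOMs could first have left your control), then flags later requests from any other address outside a trusted build network, keeping failed attempts because a 401 from an unknown source after rotation may be the leaked credential being tried. The event records are constructed, and their field names (ts, user, src_ip, status) are an assumption; real Anchore Enterprise API logs need mapping into that shape first.

```python
"""Baseline-and-deviation check for Anchore Enterprise API use by the account whose
credentials anchorectl 0.1.4 wrote into SBOMs.

Added example for this advisory, not Anchore code. The event shape is an assumption:
map your real API/access logs into (ts, user, src_ip, status) before using it.
"""
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample events (not real Anchore Enterprise logs). 10.20.0.0/24 stands in
# for the build network where anchorectl normally runs; 203.0.113.0/24 is documentation
# address space used here for the unknown source.
EVENTS = [
    {"ts": "2022-04-28T09:00:00", "user": "svc-sbom", "src_ip": "10.20.0.15", "status": 200},
    {"ts": "2022-04-29T09:05:00", "user": "svc-sbom", "src_ip": "10.20.0.16", "status": 200},
    {"ts": "2022-05-03T02:14:00", "user": "svc-sbom", "src_ip": "203.0.113.77", "status": 200},
    {"ts": "2022-05-03T02:14:05", "user": "svc-sbom", "src_ip": "203.0.113.77", "status": 200},
    {"ts": "2022-05-03T10:00:00", "user": "svc-sbom", "src_ip": "10.20.0.17", "status": 200},
    {"ts": "2022-05-03T11:00:00", "user": "alice", "src_ip": "198.51.100.9", "status": 200},
    {"ts": "2022-05-04T03:00:00", "user": "svc-sbom", "src_ip": "203.0.113.78", "status": 401},
]


def baseline_sources(events, user, cutoff):
    """Source IPs `user` authenticated from before `cutoff` (ISO 8601), i.e. before
    any 0.1.4-generated SBOM could have left your control."""
    cut = datetime.fromisoformat(cutoff)
    return {
        e["src_ip"]
        for e in events
        if e["user"] == user and datetime.fromisoformat(e["ts"]) < cut
    }


def flag_new_sources(events, user, cutoff, trusted_nets=()):
    """Events for `user` at or after `cutoff` from an IP that is neither in the
    baseline nor inside a trusted CIDR. Failed (4xx) attempts are deliberately
    kept: a 401 from an unknown source after rotation may be the leaked credential."""
    cut = datetime.fromisoformat(cutoff)
    known = baseline_sources(events, user, cutoff)
    nets = [ip_network(n) for n in trusted_nets]
    return [
        e
        for e in events
        if e["user"] == user
        and datetime.fromisoformat(e["ts"]) >= cut
        and e["src_ip"] not in known
        and not any(ip_address(e["src_ip"]) in n for n in nets)
    ]


def summarize(flagged):
    """Per-source summary: first/last seen and how many requests succeeded or were denied."""
    out = {}
    for e in flagged:
        s = out.setdefault(e["src_ip"], {"first": e["ts"], "last": e["ts"], "ok": 0, "denied": 0})
        s["first"] = min(s["first"], e["ts"])
        s["last"] = max(s["last"], e["ts"])
        s["ok" if e["status"] < 400 else "denied"] += 1
    return out


if __name__ == "__main__":
    hits = flag_new_sources(EVENTS, "svc-sbom", "2022-05-01T00:00:00", trusted_nets=["10.20.0.0/24"])
    for ip, s in summarize(hits).items():
        print(f"{ip}: {s['ok']} ok / {s['denied']} denied, {s['first']} .. {s['last']}")
```

A successful request from a never-seen address is the signal to rotate immediately and pull the account's activity for scoping; successes that fall inside the trusted network but from a new host are worth a second look too, since the baseline only covers what was logged before the cutoff.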
