Auto-merge PR#6548

2025-07-29 05:56:59 +00:00 · 2022-07-20 12:10:20 -04:00 · 2022-07-20 12:10:20 -04:00 · 195b5cb8e7
commit 195b5cb8e7
parent 34690e68a3 efde0cb7e2
1 changed files with 70 additions and 7 deletions
--- a/2022/1xxx/CVE-2022-1766.json
+++ b/2022/1xxx/CVE-2022-1766.json
@ -1,18 +1,81 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "cert@cert.org",
+        "DATE_PUBLIC": "2022-04-29T00:00:00.000Z",
        "ID": "CVE-2022-1766",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Anchore Enterprise",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "4.0.1"
+                                        }
+                                    ]
+                                }
+                            },
+                            {
+                                "product_name": "AnchoreCTL",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "0.1.5"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Anchore Inc."
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-522: Insufficiently Protected Credentials"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://docs.anchore.com/current/docs/releasenotes/401/",
+                "refsource": "CONFIRM",
+                "url": "https://docs.anchore.com/current/docs/releasenotes/401/"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
    }
-}
+}