Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)

The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory. - If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could...

GO-2024-2870 Credential leakage in github.com/aquasecurity/trivy

A malicious registry can cause Trivy to leak credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registry ACR if the registry is scanned from directly using Trivy. These tokens can then be used to push/pull...

Container Registry Credential Leak

Trivy is vulnerable to Container Registry Credential Leak. The vulnerability is due to insufficient registry domain validation which results in container registry credential leakage. An attacker must convince a user intro scanning a malicious container, which then allows an attacker to push/pull...

CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

CVE-2024-35192

CVE-2024-35192 affects Trivy prior to 0.51.2. Triggering image scans from a crafted malicious registry could leak credentials for registries (e.g., AWS ECR, Google Artifact/Container Registry, Azure ACR) to the user running Trivy. The tokens could be used to push/pull images from registries the u...

GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries

Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...

Trivy possibly leaks registry credential when scanning images from malicious registries

Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes a bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...