3 matches found
Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)
The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory. - If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could...
GO-2024-2870 Credential leakage in github.com/aquasecurity/trivy
A malicious registry can cause Trivy to leak credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registry ACR if the registry is scanned from directly using Trivy. These tokens can then be used to push/pull...
CVE-2024-35192
CVE-2024-35192 affects Trivy prior to 0.51.2. Triggering image scans from a crafted malicious registry could leak credentials for registries (e.g., AWS ECR, Google Artifact/Container Registry, Azure ACR) to the user running Trivy. The tokens could be used to push/pull images from registries the u...