2 matches found
GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries
Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...
Securing Containers in Google Cloud Artifact Registry with Qualys
Container software supply chain is an area of concern for security teams in large and small enterprises because developers often make use of container images from a variety of public repositories. A single insecure container image can be instantiated several times and lead to a wide, diffused...