/
CVE-2019-14825.yml
24 lines (24 loc) · 998 Bytes
/
CVE-2019-14825.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
---
gem: katello
cve: 2019-14825
ghsa: m4wh-848j-9w2r
url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
title: Katello cleartext password storage issue
date: 2022-05-24
description: |
A cleartext password storage issue was discovered in Katello, versions
3.x.x.x before katello 3.12.2. Registry credentials used during container image
discovery were inadvertently logged without being masked. This flaw could expose
the registry credentials to other privileged users.
cvss_v3: 2.7
patched_versions:
- ">= 3.12.2"
related:
url:
- https://github.com/Katello/katello/pull/8244
- https://github.com/Katello/katello/pull/8253
- https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
- https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
- https://bugzilla.redhat.com/show_bug.cgi?id=1730668
- https://github.com/Katello/katello/commits/3.12.2
- https://projects.theforeman.org/issues/27485