CVE-2019-14825.yml

---
gem: katello
cve: 2019-14825
ghsa: m4wh-848j-9w2r
url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
title: Katello cleartext password storage issue
date: 2022-05-24
description: |
  A cleartext password storage issue was discovered in Katello, versions
  3.x.x.x before katello 3.12.2. Registry credentials used during container image
  discovery were inadvertently logged without being masked. This flaw could expose
  the registry credentials to other privileged users.
cvss_v3: 2.7
patched_versions:
  - ">= 3.12.2"
related:
  url:
    - https://github.com/Katello/katello/pull/8244
    - https://github.com/Katello/katello/pull/8253
    - https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
    - https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
    - https://bugzilla.redhat.com/show_bug.cgi?id=1730668
    - https://github.com/Katello/katello/commits/3.12.2
    - https://projects.theforeman.org/issues/27485