CVE-2019-14825 katello

Package

Manager: gem
Name: katello
Vulnerable Version: >=3.0.0.0 <3.12.2

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00152 (percentile: 0.36411)

Details

Katello cleartext password storage issue

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

Metadata

Created: 2022-05-24T17:01:59Z
Modified: 2022-10-07T21:52:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m4wh-848j-9w2r/GHSA-m4wh-848j-9w2r.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-m4wh-848j-9w2r
Finding: F020
Auto approve: 1