CVE-2019-14825

4.1MEDIUM

Key Information:

Vendor: Red Hat
Status: Katello
Vendor: CVE Published:; 25 November 2019

Summary

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

Affected Version(s)

katello katello versions 3.x.x.x before katello 3.12.0.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 25, 2019
Vulnerability Reserved
Aug 10, 2019