Cleartext Password Storage Flaw in Katello by Red Hat
CVE-2019-14825

4.1MEDIUM

Key Information:

Vendor: Red Hat
Status: Katello
Vendor: CVE Published:; 25 November 2019

Summary

A vulnerability in Katello allows for registry credentials used in container image discovery to be logged in cleartext. This design flaw means that sensitive user credentials are not adequately masked, potentially exposing them to privileged users within the system. The issue affects versions of Katello prior to 3.12.0.9, urging users to upgrade to ensure the protection of their sensitive information against unauthorized access.

Affected Version(s)

katello katello versions 3.x.x.x before katello 3.12.0.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 25, 2019
Vulnerability Reserved
Aug 10, 2019