CVE-2019-14825

Severity: 2.7 LOW
EPSS: 0.2% (top 64.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 25; latest update May 24

Description

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 | Impact: 1.4

Affected Packages (3 packages)

RubyGems | katello | 3.0.0.0 | 3.12.2
NVD | theforeman/katello | 3.0.0.0 | 3.12.0.9
CVEListV5 | red_hat/katello | katello versions 3.x.x.x before katello 3.12.0.9

🔴 Vulnerability Details (3)

GHSA: Katello cleartext password storage issue (2022-05-24)
OSV: Katello cleartext password storage issue (2022-05-24)
CVEList: CVE-2019-14825: A cleartext password storage issue was discovered in Katello, versions 3 (2019-11-25)

📋 Vendor Advisories (1)

Red Hat: katello: registry credentials are captured in plain text during repository discovery (2019-08-09)

💬 Community (2)

Bugzilla: CVE-2019-14825 katello: registry credentials are captured in plain text during repository discovery (2019-08-09)
Bugzilla: CVE-2019-14825 katello: Registry credentials are captured in plain text in dynflow task during repository discovery [rhn_satellite_6-default] (2019-07-17)