CVE-2019-14825 (katello): Katello cleartext password storage issue

ADVISORIES

CVE-2019-14825 (NVD)
GHSA-m4wh-848j-9w2r
Vendor Advisory

GEM

katello

SEVERITY

CVSS v3.x: 2.7 (Low)

PATCHED VERSIONS

>= 3.12.2

DESCRIPTION

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

https://github.com/Katello/katello/pull/8244
https://github.com/Katello/katello/pull/8253
https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
https://bugzilla.redhat.com/show_bug.cgi?id=1730668
https://github.com/Katello/katello/commits/3.12.2
https://projects.theforeman.org/issues/27485

RubySec

CVE-2019-14825 (katello): Katello cleartext password storage issue

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories