CVE-2019-14825
katello: registry credentials are captured in plain text during repository discovery
0 Exploited in Wild
- Decision
Descriptions
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
A cleartext password storage issue was discovered in Katello. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
Timeline
- 2019-08-10 CVE Reserved
- 2019-10-22 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
References (3)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825 | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-14825 | 2019-10-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1739485 | 2019-10-22 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Theforeman | Katello | >= 3.0.0.0 < 3.12.0.9 | - | Affected |