CVE-2019-14825
Summary
| CVE | CVE-2019-14825 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-25 16:15:00 UTC |
| Updated | 2023-02-12 23:34:00 UTC |
| Description | A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. |
Risk And Classification
Problem Types: CWE-312
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Theforeman | Katello | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1739485 – (CVE-2019-14825) CVE-2019-14825 katello: registry credentials are captured in plain text during repository discovery | MISC | bugzilla.redhat.com | |
| 1739485 – (CVE-2019-14825) CVE-2019-14825 katello: registry credentials are captured in plain text during repository discovery | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |