{"api_version":"1","generated_at":"2026-04-22T23:21:57+00:00","cve":"CVE-2019-14825","urls":{"html":"https://cve.report/CVE-2019-14825","api":"https://cve.report/api/cve/CVE-2019-14825.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-14825","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-14825"},"summary":{"title":"CVE-2019-14825","description":"A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-11-25 16:15:00","updated_at":"2023-02-12 23:34:00"},"problem_types":["CWE-312"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1739485","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1739485","refsource":"MISC","tags":[],"title":"1739485 – (CVE-2019-14825) CVE-2019-14825 katello: registry credentials are captured in plain text during repository discovery","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1739485 – (CVE-2019-14825) CVE-2019-14825 katello: registry credentials are captured in plain text during repository discovery","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:3172","name":"https://access.redhat.com/errata/RHSA-2019:3172","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2019-14825","name":"https://access.redhat.com/security/cve/CVE-2019-14825","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-14825","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14825","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"14825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"theforeman","cpe5":"katello","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14825","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"theforeman","cpe5":"katello","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2019-14825","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-312","cweId":"CWE-312"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"katello","version":{"version_data":[{"version_affected":"=","version_value":"katello versions 3.x.x.x before katello 3.12.0.9"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825"}]},"impact":{"cvss":[{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM"}]}},"nvd":{"publishedDate":"2019-11-25 16:15:00","lastModifiedDate":"2023-02-12 23:34:00","problem_types":["CWE-312"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0.0","versionEndExcluding":"3.12.0.9","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"14825","Ordinal":"154034","Title":"CVE-2019-14825","CVE":"CVE-2019-14825","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"14825","Ordinal":"1","NoteData":"A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"14825","Ordinal":"2","NoteData":"2019-11-25","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"14825","Ordinal":"3","NoteData":"2019-11-25","Type":"Other","Title":"Modified"}]}}}