CVE-2019-14825
LOW 2.7 | EPSS 0.15%
Katello cleartext password storage issue
Published: 2022/5/24 | Modified: 2023/11/8
Description
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
Affected packages (1)
- RubyGems/katello >= 3.0.0.0, < 3.12.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
References (14)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-14825
- PATCH https://github.com/Katello/katello
- WEB https://access.redhat.com/errata/RHSA-2019:3172
- WEB https://access.redhat.com/security/cve/CVE-2019-14825
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1730668
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1739485
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
- WEB https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
- WEB https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
- WEB https://github.com/Katello/katello/commits/3.12.2
- WEB https://github.com/Katello/katello/pull/8244
- WEB https://github.com/Katello/katello/pull/8253
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml
- WEB https://projects.theforeman.org/issues/27485