Low severityNVD Advisory· Published Nov 25, 2019· Updated Aug 5, 2024
CVE-2019-14825
CVE-2019-14825
Description
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
katelloRubyGems | >= 3.0.0.0, < 3.12.2 | 3.12.2 |
Affected products
2- Range: katello versions 3.x.x.x before katello 3.12.0.9
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-m4wh-848j-9w2rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-14825ghsaADVISORY
- access.redhat.com/errata/RHSA-2019:3172ghsaWEB
- access.redhat.com/security/cve/CVE-2019-14825ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79ghsaWEB
- github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4eaghsaWEB
- github.com/Katello/katello/commits/3.12.2ghsaWEB
- github.com/Katello/katello/pull/8244ghsaWEB
- github.com/Katello/katello/pull/8253ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.ymlghsaWEB
- projects.theforeman.org/issues/27485ghsaWEB
News mentions
0No linked articles in our index yet.