VYPR

katello-debug

by Red Hat

Source repositories

CVEs (2)

  • CVE-2016-9595HigJul 27, 2018
    risk 0.40cvss 7.3epss 0.00

    A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

  • CVE-2019-14825Nov 25, 2019
    risk 0.00cvss epss 0.01

    A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged…