CVE-2019-14825
PUBLISHED
CVSS 4.1 MEDIUM
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
EPSS 0.15% · 35.7th percentile
Risk Scores
CVSS 3.0
4.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
EPSS Score
0.15%
35.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| theforeman | katello | 3.0.0.0 |
| RubyGems | katello | 3.0.0.0 |
| Red Hat | katello | katello versions 3.x.x.x before katello 3.12.0.9 |
Exploit Intelligence
Timeline
- Nov 25, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-14825 advisory
- https://github.com/Katello/katello/pull/8244 url
- https://github.com/Katello/katello/pull/8253 url
- https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79 url
- https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea url
- https://access.redhat.com/errata/RHSA-2019:3172 url
- https://access.redhat.com/security/cve/CVE-2019-14825 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1730668 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1739485 url
- https://github.com/Katello/katello package
- https://github.com/Katello/katello/commits/3.12.2 url
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml url
- https://projects.theforeman.org/issues/27485 url