PT-2019-13852 · Red Hat · Katello

Published: 2019-11-25 · Updated: 2023-02-12 · CVE-2019-14825

CVSS v3.1: 4.1 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Katello versions prior to 3.12.0.9

Description

A cleartext password storage issue was discovered in Katello. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

Recommendations

For versions prior to 3.12.0.9, update to version 3.12.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the logs that contain the registry credentials to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2019-14825
GHSA-M4WH-848J-9W2R
RHSA-2019:3172

Affected Products

Katello