CVE-2019-14825: Cleartext Storage of Sensitive Information
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before Katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
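The flaw class described above, shown as an added Ruby example that is not Katello's code: a hypothetical discovery logger that writes the request options verbatim, the same logger with sensitive keys masked before rendering, and a check a defender can run over a log line to confirm a known secret no longer appears. The key names, the sample options and the log-line format are all assumptions for this example.

```ruby
require 'json'

# Keys whose values must never reach a log line. Constructed list for this
# example; the advisory page does not give Katello's real parameter names.
SENSITIVE_KEYS = %w[password token upstream_password registry_password].freeze
MASK = '[FILTERED]'.freeze

# Hypothetical flawed behaviour: the discovery options are logged as-is,
# so a registry password lands in cleartext in the log file.
def log_line_flawed(options)
  "Discovering images with options: #{options.to_json}"
end

# Recursively replace the value of any sensitive key (in nested hashes and
# arrays too) before the structure is rendered into a log line.
def mask_sensitive(value)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = SENSITIVE_KEYS.include?(k.to_s.downcase) ? MASK : mask_sensitive(v)
    end
  when Array
    value.map { |v| mask_sensitive(v) }
  else
    value
  end
end

# Hardened behaviour: mask first, then log.
def log_line_fixed(options)
  "Discovering images with options: #{mask_sensitive(options).to_json}"
end

# Defender check: does a log line still contain any of the given secrets?
def leaks?(line, secrets)
  secrets.any? { |s| !s.to_s.empty? && line.include?(s.to_s) }
end

# Constructed sample input resembling a registry discovery request.
SAMPLE_OPTIONS = {
  'url' => 'https://registry.example.com',
  'upstream_username' => 'svc-discovery',
  'upstream_password' => 'hunter2-not-a-real-secret',
  'search' => 'library/alpine'
}.freeze

if $PROGRAM_NAME == __FILE__
  puts log_line_flawed(SAMPLE_OPTIONS) # password visible
  puts log_line_fixed(SAMPLE_OPTIONS)  # password replaced by [FILTERED]
end
```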
References
- bugzilla.redhat.com/show_bug.cgi?id=1730668
- bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
- github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
- github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
- github.com/Katello/katello/commits/3.12.2
- github.com/Katello/katello/pull/8244
- github.com/Katello/katello/pull/8253
- github.com/advisories/GHSA-m4wh-848j-9w2r
- nvd.nist.gov/vuln/detail/CVE-2019-14825
- projects.theforeman.org/issues/27485