GHSA-m4wh-848j-9w2r

Source
https://github.com/advisories/GHSA-m4wh-848j-9w2r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m4wh-848j-9w2r/GHSA-m4wh-848j-9w2r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m4wh-848j-9w2r
Aliases
  • CVE-2019-14825
Published
2022-05-24T17:01:59Z
Modified
2023-11-08T04:01:11.075253Z
Severity
  • 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
Katello cleartext password storage issue
Details

A cleartext password storage issue was discovered in Katello versions 3.x.x.x before 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

Database specific
{
    "nvd_published_at": "2019-11-25T16:15:00Z",
    "github_reviewed_at": "2022-10-07T21:52:28Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-312"
    ]
}
References

Affected packages

RubyGems / katello

Package

Name
katello
Purl
pkg:gem/katello

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0.0
Fixed
3.12.2

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.1.0.rc1
3.1.0.rc2.1
3.1.0
3.1.0.1
3.2.0.rc1
3.2.0.rc1.1
3.2.0.rc2
3.2.0.rc3
3.2.0
3.2.1
3.2.1.1
3.3.0.rc1
3.3.0.rc1.1
3.3.0.rc2
3.3.0
3.3.0.1
3.3.1
3.3.1.1
3.3.2
3.4.0.rc1
3.4.0.rc2
3.4.0
3.4.0.1
3.4.0.2
3.4.1
3.4.2
3.4.4
3.4.5
3.5.0.rc1
3.5.0.rc2
3.5.0
3.5.0.1
3.5.1
3.5.1.1
3.5.2
3.6.0.rc1
3.6.0.rc2
3.6.0
3.6.0.1.rc2
3.7.0.rc1
3.7.0.rc2
3.7.0
3.7.1
3.7.1.1
3.8.0.rc1
3.8.0.rc2
3.8.0.rc3
3.8.0
3.8.1
3.9.0.rc1
3.9.0.rc2
3.9.0
3.9.1
3.10.0.rc1
3.10.0.rc1.1
3.10.0
3.10.1
3.10.1.1
3.10.2
3.11.0.rc1
3.11.0.rc2
3.11.0
3.11.1
3.11.2
3.12.0.rc1
3.12.0.rc2
3.12.0
3.12.1