nvd-json-data-feeds/CVE-2019/CVE-2019-148xx/CVE-2019-14825.json

{
  "id": "CVE-2019-14825",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2019-11-25T16:15:13.520",
  "lastModified": "2024-11-21T04:27:26.580",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de almacenamiento de contrase\u00f1a en texto sin cifrar en Katello, versiones 3.x.x.x anteriores a katello 3.12.0.9. Las credenciales de registro utilizadas durante la detecci\u00f3n de im\u00e1genes del contenedor se registraron inadvertidamente sin enmascararse. Esta fallo podr\u00eda exponer las credenciales del registro a otros usuarios privilegiados."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV30": [
      {
        "source": "secalert@redhat.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "baseScore": 4.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secalert@redhat.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.0.0.0",
              "versionEndExcluding": "3.12.0.9",
              "matchCriteriaId": "9B55BD95-EC14-4CCC-B7E4-AF9559B91E7A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825",
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2019-14825",`
			`"sourceIdentifier": "secalert@redhat.com",`
			`"published": "2019-11-25T16:15:13.520",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"lastModified": "2024-11-21T04:27:26.580",`
bootstrap 2023-04-24 12:24:31 +02:00			`"vulnStatus": "Modified",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Se detect\u00f3 un problema de almacenamiento de contrase\u00f1a en texto sin cifrar en Katello, versiones 3.x.x.x anteriores a katello 3.12.0.9. Las credenciales de registro utilizadas durante la detecci\u00f3n de im\u00e1genes del contenedor se registraron inadvertidamente sin enmascararse. Esta fallo podr\u00eda exponer las credenciales del registro a otros usuarios privilegiados."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"baseScore": 2.7,`
			`"baseSeverity": "LOW",`
bootstrap 2023-04-24 12:24:31 +02:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"availabilityImpact": "NONE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"exploitabilityScore": 1.2,`
			`"impactScore": 1.4`
			`}`
			`],`
			`"cvssMetricV30": [`
			`{`
			`"source": "secalert@redhat.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"baseScore": 4.1,`
			`"baseSeverity": "MEDIUM",`
bootstrap 2023-04-24 12:24:31 +02:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"availabilityImpact": "NONE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 1.4`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"baseScore": 4.0,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "SINGLE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`"availabilityImpact": "NONE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 8.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "secalert@redhat.com",`
Auto-Update: 2024-12-15T03:00:19.262894+00:00 2024-12-15 03:03:56 +00:00			`"type": "Primary",`
bootstrap 2023-04-24 12:24:31 +02:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-312"`
			`}`
			`]`
			`},`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-312"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:theforeman:katello::::::::",`
			`"versionStartIncluding": "3.0.0.0",`
			`"versionEndExcluding": "3.12.0.9",`
			`"matchCriteriaId": "9B55BD95-EC14-4CCC-B7E4-AF9559B91E7A"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Issue Tracking",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2024-11-23T11:07:34.152052+00:00 2024-11-23 11:10:51 +00:00			`},`
			`{`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Issue Tracking",`
			`"Third Party Advisory"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`]`
			`}`