Lucene search

Veracode Vulnerability DatabaseVERACODE:21761

HistoryOct 23, 2019 - 12:10 a.m.

Information Disclosure

2019-10-2300:10:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

katello is vulnerable to information disclosure. The registry credentials are captured in plain text in dynflow task during repository discovery, allowing an attacker to retrieve the credentials and gain access to the registry.

CPENameOperatorVersion
tfm-rubygem-foreman_discoveryeq5.0.0.9__1.el7sat
tfm-rubygem-foreman_discoveryeq5.0.0.8__1.el7sat
tfm-rubygem-foreman_discoveryeq9.1.5.4__1.fm1_15.el7sat
tfm-rubygem-foreman_discoveryeq9.1.5.3__1.fm1_15.el7sat
tfm-rubygem-foreman_discoveryeq12.0.2.1__1.el7sat
tfm-rubygem-foreman_discoveryeq14.0.1__1.el7sat
tfm-rubygem-rainboweq2.2.1__4.el7sat
tfm-rubygem-rainboweq2.2.1__3.el7sat
tfm-rubygem-journald-nativeeq1.0.11__1.el7sat
tfm-rubygem-journald-nativeeq1.0.10__1.el7sat

Name	Operator	Version
tfm-rubygem-foreman_discovery	eq	5.0.0.9__1.el7sat
tfm-rubygem-foreman_discovery	eq	5.0.0.8__1.el7sat
tfm-rubygem-foreman_discovery	eq	9.1.5.4__1.fm1_15.el7sat
tfm-rubygem-foreman_discovery	eq	9.1.5.3__1.fm1_15.el7sat
tfm-rubygem-foreman_discovery	eq	12.0.2.1__1.el7sat
tfm-rubygem-foreman_discovery	eq	14.0.1__1.el7sat
tfm-rubygem-rainbow	eq	2.2.1__4.el7sat
tfm-rubygem-rainbow	eq	2.2.1__3.el7sat
tfm-rubygem-journald-native	eq	1.0.11__1.el7sat
tfm-rubygem-journald-native	eq	1.0.10__1.el7sat

Rows per page:

1-10 of 27221

References

access.redhat.com/errata/RHSA-2019:3172

access.redhat.com/security/cve/CVE-2019-14825

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1111223

bugzilla.redhat.com/show_bug.cgi?id=1152515

bugzilla.redhat.com/show_bug.cgi?id=1163020

bugzilla.redhat.com/show_bug.cgi?id=1194093

bugzilla.redhat.com/show_bug.cgi?id=1336439

bugzilla.redhat.com/show_bug.cgi?id=1378579

bugzilla.redhat.com/show_bug.cgi?id=1402136

bugzilla.redhat.com/show_bug.cgi?id=1465521

bugzilla.redhat.com/show_bug.cgi?id=1490850

bugzilla.redhat.com/show_bug.cgi?id=1503426

bugzilla.redhat.com/show_bug.cgi?id=1505932

bugzilla.redhat.com/show_bug.cgi?id=1559006

bugzilla.redhat.com/show_bug.cgi?id=1561876

bugzilla.redhat.com/show_bug.cgi?id=1591629

bugzilla.redhat.com/show_bug.cgi?id=1593480

bugzilla.redhat.com/show_bug.cgi?id=1596411

bugzilla.redhat.com/show_bug.cgi?id=1601602

bugzilla.redhat.com/show_bug.cgi?id=1608712

bugzilla.redhat.com/show_bug.cgi?id=1609371

bugzilla.redhat.com/show_bug.cgi?id=1612800

bugzilla.redhat.com/show_bug.cgi?id=1630548

bugzilla.redhat.com/show_bug.cgi?id=1634755

bugzilla.redhat.com/show_bug.cgi?id=1643649

bugzilla.redhat.com/show_bug.cgi?id=1644201

bugzilla.redhat.com/show_bug.cgi?id=1649944

bugzilla.redhat.com/show_bug.cgi?id=1650641

bugzilla.redhat.com/show_bug.cgi?id=1651389

bugzilla.redhat.com/show_bug.cgi?id=1653293

bugzilla.redhat.com/show_bug.cgi?id=1658265

bugzilla.redhat.com/show_bug.cgi?id=1658284

bugzilla.redhat.com/show_bug.cgi?id=1658318

bugzilla.redhat.com/show_bug.cgi?id=1658553

bugzilla.redhat.com/show_bug.cgi?id=1659979

bugzilla.redhat.com/show_bug.cgi?id=1671274

bugzilla.redhat.com/show_bug.cgi?id=1671318

bugzilla.redhat.com/show_bug.cgi?id=1672706

bugzilla.redhat.com/show_bug.cgi?id=1673447

bugzilla.redhat.com/show_bug.cgi?id=1679225

bugzilla.redhat.com/show_bug.cgi?id=1679300

bugzilla.redhat.com/show_bug.cgi?id=1684573

bugzilla.redhat.com/show_bug.cgi?id=1686514

bugzilla.redhat.com/show_bug.cgi?id=1687543

bugzilla.redhat.com/show_bug.cgi?id=1687801

bugzilla.redhat.com/show_bug.cgi?id=1690070

bugzilla.redhat.com/show_bug.cgi?id=1690204

bugzilla.redhat.com/show_bug.cgi?id=1691074

bugzilla.redhat.com/show_bug.cgi?id=1691443

bugzilla.redhat.com/show_bug.cgi?id=1698148

bugzilla.redhat.com/show_bug.cgi?id=1698178

bugzilla.redhat.com/show_bug.cgi?id=1698182

bugzilla.redhat.com/show_bug.cgi?id=1703476

bugzilla.redhat.com/show_bug.cgi?id=1705099

bugzilla.redhat.com/show_bug.cgi?id=1706265

bugzilla.redhat.com/show_bug.cgi?id=1706267

bugzilla.redhat.com/show_bug.cgi?id=1706274

bugzilla.redhat.com/show_bug.cgi?id=1706277

bugzilla.redhat.com/show_bug.cgi?id=1706296

bugzilla.redhat.com/show_bug.cgi?id=1706721

bugzilla.redhat.com/show_bug.cgi?id=1706743

bugzilla.redhat.com/show_bug.cgi?id=1707157

bugzilla.redhat.com/show_bug.cgi?id=1709761

bugzilla.redhat.com/show_bug.cgi?id=1712554

bugzilla.redhat.com/show_bug.cgi?id=1712889

bugzilla.redhat.com/show_bug.cgi?id=1712985

bugzilla.redhat.com/show_bug.cgi?id=1713103

bugzilla.redhat.com/show_bug.cgi?id=1713248

bugzilla.redhat.com/show_bug.cgi?id=1713274

bugzilla.redhat.com/show_bug.cgi?id=1713802

bugzilla.redhat.com/show_bug.cgi?id=1714234

bugzilla.redhat.com/show_bug.cgi?id=1714604

bugzilla.redhat.com/show_bug.cgi?id=1715898

bugzilla.redhat.com/show_bug.cgi?id=1716877

bugzilla.redhat.com/show_bug.cgi?id=1716900

bugzilla.redhat.com/show_bug.cgi?id=1717069

bugzilla.redhat.com/show_bug.cgi?id=1717248

bugzilla.redhat.com/show_bug.cgi?id=1717883

bugzilla.redhat.com/show_bug.cgi?id=1718009

bugzilla.redhat.com/show_bug.cgi?id=1718889

bugzilla.redhat.com/show_bug.cgi?id=1720200

bugzilla.redhat.com/show_bug.cgi?id=1721055

bugzilla.redhat.com/show_bug.cgi?id=1722475

bugzilla.redhat.com/show_bug.cgi?id=1722713

bugzilla.redhat.com/show_bug.cgi?id=1723733

bugzilla.redhat.com/show_bug.cgi?id=1724064

bugzilla.redhat.com/show_bug.cgi?id=1724739

bugzilla.redhat.com/show_bug.cgi?id=1725250

bugzilla.redhat.com/show_bug.cgi?id=1725289

bugzilla.redhat.com/show_bug.cgi?id=1727320

bugzilla.redhat.com/show_bug.cgi?id=1727927

bugzilla.redhat.com/show_bug.cgi?id=1728289

bugzilla.redhat.com/show_bug.cgi?id=1728306

bugzilla.redhat.com/show_bug.cgi?id=1729049

bugzilla.redhat.com/show_bug.cgi?id=1729149

bugzilla.redhat.com/show_bug.cgi?id=1729153

bugzilla.redhat.com/show_bug.cgi?id=1730397

bugzilla.redhat.com/show_bug.cgi?id=1730668

bugzilla.redhat.com/show_bug.cgi?id=1731112

bugzilla.redhat.com/show_bug.cgi?id=1731639

bugzilla.redhat.com/show_bug.cgi?id=1732066

bugzilla.redhat.com/show_bug.cgi?id=1732601

bugzilla.redhat.com/show_bug.cgi?id=1737488

bugzilla.redhat.com/show_bug.cgi?id=1739367

bugzilla.redhat.com/show_bug.cgi?id=1739485

bugzilla.redhat.com/show_bug.cgi?id=1739712

bugzilla.redhat.com/show_bug.cgi?id=1744515

bugzilla.redhat.com/show_bug.cgi?id=1746166

bugzilla.redhat.com/show_bug.cgi?id=1746175

bugzilla.redhat.com/show_bug.cgi?id=1746581

bugzilla.redhat.com/show_bug.cgi?id=1747177

bugzilla.redhat.com/show_bug.cgi?id=1747654

bugzilla.redhat.com/show_bug.cgi?id=1750846

bugzilla.redhat.com/show_bug.cgi?id=1751384

bugzilla.redhat.com/show_bug.cgi?id=1752256

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:21761