Theforeman >> Katello >> 3.12.0 Security Vulnerabilities
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
CVSS Score: 4.1
EPSS Score: 0.002
Published: 2019-11-25
A SQL injection flaw was found in Katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Versions 3.10 and older are vulnerable.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2018-12-14

