A vulnerability was found in the way the Satellite 6 installer logs calls to Candlepin's cpdb. The permissions on the /var/log/candlepin/cpdb.log log file allow a non-privileged user to read credential information from the log file.
Remove the world-readable permission from /var/log/candlepin/cpdb.log by executing the following, as root, on the console of the machine where Red Hat Satellite is installed:
chmod o-r /var/log/candlepin/cpdb.log
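To confirm the mitigation took effect, the following added example (not part of the original advisory or of Red Hat's tooling) checks for the others-read bit, applies the same `chmod o-r`, and re-checks the result. Matching `cpdb.log*` so that rotated copies are also covered is an assumption; the advisory names only `cpdb.log`. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and remediate world-readable cpdb logs.
# The directory comes from the advisory; the "cpdb.log*" glob (to also
# catch rotated copies) is an assumption, not something the advisory states.

LOG_DIR="${LOG_DIR:-/var/log/candlepin}"

# Return 0 if the "other" read bit is set on file $1.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -0004 -print 2>/dev/null)" ]
}

# Apply the advisory's chmod o-r to every cpdb.log* in directory $1 and
# verify it. Returns 0 if no file remains world-readable, 1 otherwise.
fix_cpdb_logs() {
    dir="$1"
    rc=0
    for f in "$dir"/cpdb.log*; do
        [ -f "$f" ] || continue   # glob matched nothing, or not a regular file
        if is_world_readable "$f"; then
            echo "world-readable: $f"
            chmod o-r "$f" || rc=1
            if is_world_readable "$f"; then
                echo "STILL world-readable: $f" >&2
                rc=1
            else
                echo "fixed: $f"
            fi
        else
            echo "ok: $f"
        fi
    done
    return "$rc"
}

# Touch the real directory only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    fix_cpdb_logs "$LOG_DIR"
fi
```

Run it as root with the argument `run`; a non-zero exit status means at least one file is still readable by other users.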
Name: Evgeni Golov (Red Hat)
This issue has been addressed in the following products:
Red Hat Satellite 6.5 for RHEL 7
Via RHSA-2019:1222 https://access.redhat.com/errata/RHSA-2019:1222