A flaw was found in atomic-reactor. When atomic-reactor push fails, logged exception contains details about destination credentials for image push (to get credentials you must force atomic-reactor to fail). References: https://github.com/projectatomic/atomic-reactor/pull/1186#issuecomment-477732097
Created skopeo tracking bugs for this issue: Affects: fedora-all [bug 1694249]
This CVE Might effect Podman and Buildah as well.
Created atomic-reactor tracking bugs for this issue: Affects: epel-all [bug 1694524] Affects: fedora-all [bug 1694523]