Registry credentials are captured in plain text in dynflow task during repository discovery. Upstream issue: https://bugzilla.redhat.com/show_bug.cgi?id=1730668
This issue has been addressed in the following products: Red Hat Satellite 6.6 for RHEL 7 Via RHSA-2019:3172 https://access.redhat.com/errata/RHSA-2019:3172
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14825