← Volver a CVEs
CVE-2023-51390
MEDIUM6.5
Descripcion
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado12/21/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
aiven:journalpump
Debilidades (CWE)
CWE-215CWE-284CWE-319
Referencias
https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da(security-advisories@github.com)
https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g(security-advisories@github.com)
https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.