CVE-2023-51390

EPSS 0.08%
Veröffentlicht 21.12.2023 00:15:26
Zuletzt bearbeitet 21.11.2024 08:38:00
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aiven ≫ Journalpump Version < 2.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-215 Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da

Patch

https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-51390

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51390

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51390

EUVD