CVE-2023-51390 MEDIUM

CVE-2023-51390: Information Disclosure Vulnerability in Journalpump

Vendor: Aiven-Open
Product: journalpump
Weakness: CWE-284
Published: December 20, 2023
Last update: August 2, 2024

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump: it writes the configuration of a service integration in plaintext to the supplied logging pipeline, including any credential information contained in that configuration. The problem has been patched in journalpump 2.5.0.
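The class of bug described above, as an added example that is not journalpump's code or its patch: an integration config formatted straight into a log line, beside a form that redacts secret-bearing keys and URL-embedded passwords first. The config key names, the fragment list and the function names are hypothetical, and the sample config is constructed.

```python
import json
import re

# Assumed list of key-name fragments that mark a value as secret; extend per deployment.
SENSITIVE_FRAGMENTS = ("password", "passwd", "secret", "token", "api_key", "private_key")
REDACTED = "<redacted>"
# Password part of userinfo embedded in a URL: scheme://user:password@host
URL_PASSWORD = re.compile(r"(://[^/\s:@]+):[^@\s/]+@")

# Constructed sample; these keys are not journalpump's real configuration schema.
SAMPLE_CONFIG = {
    "output_type": "example_sender",
    "endpoint": "https://shipper:hunter2@logs.example.invalid/ingest",
    "auth": {"username": "shipper", "password": "hunter2"},
    "targets": [{"name": "a", "api_token": "tok-123"}],
}


def redact(value, key=None):
    """Return a redacted copy of a nested config; the input is not modified."""
    if key is not None and any(f in str(key).lower() for f in SENSITIVE_FRAGMENTS):
        return REDACTED
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        # Secrets also hide inside values, e.g. credentials in a connection URL.
        return URL_PASSWORD.sub(r"\1:" + REDACTED + "@", value)
    return value


def render_unsafe(name, config):
    # The pattern the advisory describes: the whole config lands in the log line.
    return "initialized %s with config %s" % (name, json.dumps(config, sort_keys=True))


def render_safe(name, config):
    # Same log line, built from the redacted copy.
    return "initialized %s with config %s" % (name, json.dumps(redact(config), sort_keys=True))


if __name__ == "__main__":
    print(render_unsafe("demo", SAMPLE_CONFIG))
    print(render_safe("demo", SAMPLE_CONFIG))
```

Key-name matching misses secrets stored under unremarkable names, so credentials that may already have reached a log sink should be rotated regardless of any redaction added later.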

Key dates

02 Disclosure timeline

December 20, 2023: CVE published
August 2, 2024: Record updated