journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.
References
Configurations
History
21 Nov 2024, 08:38
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da - Patch | |
References | () https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g - Vendor Advisory |
02 Jan 2024, 16:25
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g - Vendor Advisory | |
References | () https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da - Patch | |
CWE | CWE-215 |
CWE-319 |
CPE | cpe:2.3:a:aiven:journalpump:*:*:*:*:*:*:*:* |
21 Dec 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 00:15
Updated : 2024-11-21 08:38
NVD link : CVE-2023-51390
Mitre link : CVE-2023-51390
CVE.ORG link : CVE-2023-51390
JSON object : View
Products Affected
aiven
- journalpump