CVE-2023-51390 — MEDIUM (6.5)

Q: How severe is CVE-2023-51390?

CVE-2023-51390 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-51390?

Check the references section above for vendor advisories and patch information. Affected products include: Aiven Journalpump.

Vulnerability Description

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Aiven	Journalpump	< 2.5.0

Related Weaknesses (CWE)

CWE-284 CWE-319 CWE-215

References

FAQ

What is CVE-2023-51390?

CVE-2023-51390 is a vulnerability with a CVSS score of 6.5 (MEDIUM). journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integrati...

How severe is CVE-2023-51390?

CVE-2023-51390 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-51390?

Check the references section above for vendor advisories and patch information. Affected products include: Aiven Journalpump.