PT-2023-31804 · Unknown · Journalpump

Docemmetbrown

Publicado

2023-12-20

Atualizado

2024-01-02

CVE-2023-51390

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions journalpump versions prior to 2.5.0

Description A logging issue was found in journalpump, where it logs the configuration of a service integration in plaintext to the supplied logging pipeline. This includes credential information contained in the configuration, if any.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the logging pipeline to minimize the risk of credential exposure.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-284CWE-215

Identificadores relacionados

CVE-2023-51390

GHSA-738V-V386-8R6G

Produtos afetados

Journalpump

PT-2023-31804 · Unknown · Journalpump

CVE-2023-51390

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6