CVE-2023-51390

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions journalpump versions prior to 2.5.0

Description A logging issue was found in journalpump, where it logs the configuration of a service integration in plaintext to the supplied logging pipeline. This includes credential information contained in the configuration, if any.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the logging pipeline to minimize the risk of credential exposure.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319CWE-284CWE-215

Related Identifiers

CVE-2023-51390

GHSA-738V-V386-8R6G

Affected Products

Journalpump

CVE-2023-51390

Weakness Enumeration

Related Identifiers

Affected Products

References · 6