CVE-2023-51390 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-51390 PUBLISHED CVSS 6.5 MEDIUM

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

EPSS 0.08% · 23.0th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.08%

23.0th percentile

Affected Products

Vendor	Product	Versions
Aiven-Open	journalpump	*
aiven	journalpump	0

Timeline

Jan 21, 1970 Security Advisory
Dec 20, 2023 CVE Published
Dec 21, 2023 EPSS Score
Jan 18, 2024 EPSS Score
Feb 16, 2024 EPSS Score
Mar 15, 2024 EPSS Score
Apr 13, 2024 EPSS Score
May 11, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 7, 2024 EPSS Score
Aug 4, 2024 EPSS Score
Sep 2, 2024 EPSS Score

References

Open in Interactive Console →