Insertion of Sensitive Information Into Debugging Code

CVE-2023-51390

Medium

6.5/10

Summary

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-215 - Insertion of Sensitive Information Into Debugging Code

The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

References

Advisory Timeline

Published Dec 21, 2023

Insertion of Sensitive Information Into Debugging Code

CVE-2023-51390

Summary

CWE-215 - Insertion of Sensitive Information Into Debugging Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS