tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.