tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-systemd-dbgsym": "204-5ubuntu20.19", "udev": "204-5ubuntu20.19", "libsystemd-id128-0-dbgsym": "204-5ubuntu20.19", "libgudev-1.0-dev": "1:204-5ubuntu20.19", "libudev-dev": "204-5ubuntu20.19", "libsystemd-login-dev": "204-5ubuntu20.19", "udev-udeb-dbgsym": "204-5ubuntu20.19", "libsystemd-daemon0-dbgsym": "204-5ubuntu20.19", "libsystemd-login0": "204-5ubuntu20.19", "libsystemd-daemon-dev": "204-5ubuntu20.19", "libsystemd-journal0-dbgsym": "204-5ubuntu20.19", "libsystemd-login0-dbgsym": "204-5ubuntu20.19", "libpam-systemd": "204-5ubuntu20.19", "python-systemd": "204-5ubuntu20.19", "libudev1-udeb": "204-5ubuntu20.19", "libudev1-udeb-dbgsym": "204-5ubuntu20.19", "systemd-services-dbgsym": "204-5ubuntu20.19", "libgudev-1.0-0-dbgsym": "1:204-5ubuntu20.19", "libudev1-dbgsym": "204-5ubuntu20.19", "gir1.2-gudev-1.0": "1:204-5ubuntu20.19", "libgudev-1.0-0": "1:204-5ubuntu20.19", "udev-dbgsym": "204-5ubuntu20.19", "systemd-services": "204-5ubuntu20.19", "udev-udeb": "204-5ubuntu20.19", "libpam-systemd-dbgsym": "204-5ubuntu20.19", "libudev1": "204-5ubuntu20.19", "libsystemd-daemon0": "204-5ubuntu20.19", "libsystemd-journal0": "204-5ubuntu20.19", "libsystemd-journal-dev": "204-5ubuntu20.19", "libsystemd-id128-0": "204-5ubuntu20.19", "libsystemd-id128-dev": "204-5ubuntu20.19" } ] }