CVE-2023-31439

medium

Description

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

References

https://github.com/systemd/systemd/releases

https://github.com/systemd/systemd/pull/28885

https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf

https://github.com/kastel-security/Journald

Details

Source: Mitre, NVD

Published: 2023-06-13

Updated: 2024-08-02

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium