Log Disclosure Flaw in systemd 253 by systemd
CVE-2023-31437

5.3MEDIUM

Key Information:

Vendor: Systemd Project
Status: Systemd
Vendor: CVE Published:; 13 June 2023

🔔 Create Systemd Project Vulnerability Alert

What is CVE-2023-31437?

A log file modification issue has been identified in systemd 253, where an attacker can manipulate a sealed log file. This alteration can prevent certain log messages from being displayed in some views, leading to potential information leaks. Despite this, the vendor has denied that the findings constitute a security vulnerability. Further investigation is warranted to assess the implications of this flaw on system integrity and data confidentiality.

References

https://github.com/systemd/systemd/releases

https://github.com/kastel-security/Journald/blob/main/jou...

https://github.com/kastel-security/Journald

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Apr 28, 2023

CVE-2023-31437 Data

JSON