Log File Integrity Issue in systemd by systemd Developers
CVE-2023-31439

5.3MEDIUM

Key Information:

Vendor: Systemd Project
Status: Systemd
Vendor: CVE Published:; 13 June 2023

🔔 Create Systemd Project Vulnerability Alert

What is CVE-2023-31439?

A vulnerability in systemd 253 allows an attacker to alter the contents of past events in a sealed log file. This manipulation can be achieved while ensuring that an integrity check appears valid, masking the unauthorized changes. Despite findings presented regarding this issue, the vendor refuted claims of any security vulnerabilities associated with it.

References

https://github.com/systemd/systemd/releases

https://github.com/kastel-security/Journald/blob/main/jou...

https://github.com/kastel-security/Journald

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Apr 28, 2023

CVE-2023-31439 Data

JSON