CVE-2023-31437

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

Ссылки

https://github.com/kastel-security/Journald
Third Party Advisory
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
Technical Description
https://github.com/systemd/systemd/releases
Release Notes
https://github.com/kastel-security/Journald
Third Party Advisory
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
Technical Description
https://github.com/systemd/systemd/releases
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00128

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-354

Связанные уязвимости

CVE-2023-31437

CVSS3: 5.3

ubuntu

больше 2 лет назад

CVE-2023-31437

CVSS3: 5.3

debian

больше 2 лет назад

An issue was discovered in systemd 253. An attacker can modify a seale ...

GHSA-9mv8-4v9g-hm48

CVSS3: 5.3

github

больше 2 лет назад

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed.

EPSS

Процентиль: 32%

0.00128

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-354