CVE-2023-31438

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

Ссылки

https://github.com/kastel-security/Journald
Third Party Advisory
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
Technical Description
https://github.com/systemd/systemd/pull/28886
https://github.com/systemd/systemd/releases
Release Notes
https://github.com/kastel-security/Journald
Third Party Advisory
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
Technical Description
https://github.com/systemd/systemd/pull/28886
https://github.com/systemd/systemd/releases
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.001

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-354

Связанные уязвимости

CVE-2023-31438

CVSS3: 5.3

ubuntu

больше 2 лет назад

CVE-2023-31438

CVSS3: 5.3

debian

больше 2 лет назад

An issue was discovered in systemd 253. An attacker can truncate a sea ...

GHSA-m3qw-f5f6-m6r3

CVSS3: 5.3

github

больше 2 лет назад

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications.

EPSS

Процентиль: 28%

0.001

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-354