CVE-2023-31439

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-31439

CGA ID

CGA-mhjv-hvjp-g2g6

Severity

5.3

Medium

CVSS V3

Description

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

References

https://images.chainguard.dev/security/CGA-mhjv-hvjp-g2g6
https://github.com/advisories/GHSA-mvwm-rcrw-pr2j
https://github.com/kastel-security/Journald
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
https://github.com/systemd/systemd/pull/28885
https://github.com/systemd/systemd/releases
https://security-tracker.debian.org/tracker/CVE-2023-31439

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-31439

Severity

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources