CVE-2023-31438
First published: Tue Jun 13 2023(Updated: )
** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Systemd Project Systemd | =253 | |
| =253 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of the vulnerability?
The CVE ID of this vulnerability is CVE-2023-31438.
What is the severity of CVE-2023-31438?
The severity of CVE-2023-31438 is medium with a CVSS score of 5.3.
What software is affected by CVE-2023-31438?
The software affected by CVE-2023-31438 is Systemd version 253.
How can an attacker exploit CVE-2023-31438?
An attacker can truncate a sealed log file and then resume log sealing to hide modifications.
Are there any references for CVE-2023-31438?
Yes, you can find references for CVE-2023-31438 at the following links: [link1](https://github.com/kastel-security/Journald), [link2](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf), [link3](https://github.com/systemd/systemd/releases).
- collector/nvd-index
- collector/mitre-cve
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/systemd project
- canonical/systemd project systemd
- version/systemd project systemd/253