3 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." • https://github.com/kastel-security/Journald https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf https://github.com/systemd/systemd/pull/28885 https://github.com/systemd/systemd/releases • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." • https://github.com/kastel-security/Journald https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf https://github.com/systemd/systemd/pull/28886 https://github.com/systemd/systemd/releases • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." • https://github.com/kastel-security/Journald https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf https://github.com/systemd/systemd/releases • CWE-354: Improper Validation of Integrity Check Value •