Unknown · Rpm-Ostree · CVE-2024-2905
Name of the Vulnerable Software and Affected Versions:
rpm-ostree (affected versions not specified)
Description:
A security issue has been found in rpm-ostree, related to the /etc/shadow file having the world-readable bit enabled in default builds. This is due to default permissions being set higher than recommended, which could expose sensitive authentication data to unauthorized access. The issue may allow an attacker to gain unauthorized access to authentication data.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.