CVE-2024-2905

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: rpm-ostree (affected versions not specified)

Description: A security issue has been found in rpm-ostree, related to the /etc/shadow file having the world-readable bit enabled in default builds. This is due to default permissions being set higher than recommended, which could expose sensitive authentication data to unauthorized access. The issue may allow an attacker to gain unauthorized access to authentication data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALSA-2024:3823

AZL-42310

BDU:2024-05542

CVE-2024-2905

GHSA-2M76-CWHG-7WV6

INFSA-2024_3823

RHSA-2024:3401

RHSA-2024:3823

RHSA-2024_3823

Affected Products

Almalinux

Red Hat

Rpm-Ostree

CVE-2024-2905

Weakness Enumeration

Related Identifiers

Affected Products

References · 20