Security Vulnerability in Default Builds of rpm-ostree Exposes Sensitive Authentication Data
CVE-2024-2905
6.2MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Enterprise Linux 9.2 Extended Update Support
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Openshift Container Platform 4
- Vendor
- CVE Published:
- 25 April 2024
Summary
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
Affected Version(s)
Red Hat Enterprise Linux 9.2 Extended Update Support <= 0:2023.3-2.el9_2
CVSS V3.1
Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 6.2 - (MEDIUM)
Vulnerability published.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database