A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
References
Configurations
No configuration.
History
21 Nov 2024, 09:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://access.redhat.com/errata/RHSA-2024:3401 - | |
| References | () https://access.redhat.com/errata/RHSA-2024:3823 - | |
| References | () https://access.redhat.com/security/cve/CVE-2024-2905 - | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2271585 - | |
| References | () https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 - |
12 Jun 2024, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
28 May 2024, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
26 Apr 2024, 12:58
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-25 18:15
Updated : 2024-11-21 09:10
NVD link : CVE-2024-2905
Mitre link : CVE-2024-2905
CVE.ORG link : CVE-2024-2905
JSON object : View
Products Affected
No product.
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource