Description
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
References (8)
Core 8
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/GXY3JLZC645RGFTFWSXPCYM2VWUGIDY5/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/ULCEMTHAQ3GRGL4G2ZQDX43A67P6UXQH/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2025:4872
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3401
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3823
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-2905
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2271585
Scores
CVSS v3
6.2
EPSS
0.0002
EPSS Percentile
3.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-732
Status
published
Products (5)
Red Hat/Red Hat Enterprise Linux 10
0:2025.5-1.el10
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
0:2024.3-3.el9_4
Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Support
0:2023.3-2.el9_2
Red Hat/Red Hat OpenShift Container Platform 4
Published
Apr 25, 2024
Tracked Since
Feb 18, 2026