Description

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.

INFO

Published Date :

2024-04-25T17:44:15.985Z

Last Modified :

2025-11-06T22:36:51.733Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-2905 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Rhel Eus

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact