Untriaged
CVE-2024-2905
6.2 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Rpm-ostree: world-readable /etc/shadow file
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
References
- https://access.redhat.com/security/cve/CVE-2024-2905 x_refsource_REDHAT vdb-entry
- RHBZ#2271585 issue-tracking x_refsource_REDHAT
- https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
- RHSA-2024:3401 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3823 x_refsource_REDHAT vendor-advisory
- RHBA-2025:4872 x_refsource_REDHAT vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
Affected products
rpm-ostree
- ==1.2024.4
- *
Matching in nixpkgs
pkgs.rpm-ostree
Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
- nixos-unstable -
- nixpkgs-unstable 2024.8