Medium severity6.2NVD Advisory· Published Apr 25, 2024· Updated Apr 15, 2026
CVE-2024-2905
CVE-2024-2905
Description
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- access.redhat.com/errata/RHBA-2025:4872nvd
- access.redhat.com/errata/RHSA-2024:3401nvd
- access.redhat.com/errata/RHSA-2024:3823nvd
- access.redhat.com/security/cve/CVE-2024-2905nvd
- bugzilla.redhat.com/show_bug.cginvd
- github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXY3JLZC645RGFTFWSXPCYM2VWUGIDY5/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULCEMTHAQ3GRGL4G2ZQDX43A67P6UXQH/nvd
News mentions
0No linked articles in our index yet.