CVE-2024-2905

{"id": "CVE-2024-2905", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2024-04-25T18:15:08.037", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3401", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3823", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-2905", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585", "source": "secalert@redhat.com"}, {"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de seguridad en rpm-ostree, relacionada con el archivo /etc/shadow en compilaciones predeterminadas que tienen habilitado el bit de lectura mundial. Este problema surge porque los permisos predeterminados se establecen en un nivel superior al recomendado, lo que potencialmente expone los datos de autenticaci\u00f3n confidenciales a un acceso no autorizado."}], "lastModified": "2024-06-12T09:15:17.483", "sourceIdentifier": "secalert@redhat.com"}