{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-23301", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-01T22:59:32.206Z", "dateReserved": "2024-01-12T00:00:00", "datePublished": "2024-01-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-21T03:06:26.641458"}, "descriptions": [{"lang": "en", "value": "Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/rear/rear/issues/3122"}, {"url": "https://github.com/rear/rear/pull/3123"}, {"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3733-1] rear security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html"}, {"name": "FEDORA-2024-a2f6e5ddb8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/"}, {"name": "FEDORA-2024-49ddbf447d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.206Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/rear/rear/issues/3122", "tags": ["x_transferred"]}, {"url": "https://github.com/rear/rear/pull/3123", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3733-1] rear security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html"}, {"name": "FEDORA-2024-a2f6e5ddb8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/"}, {"name": "FEDORA-2024-49ddbf447d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:relax-and-recover:relax-and-recover:*:*:*:*:*:*:*:*", "matchCriteriaId": "0394E5CF-7545-4E22-8174-5767F1744C92", "versionEndIncluding": "2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "1607628F-77A7-4C1F-98DF-0DC50AE8627D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root."}, {"lang": "es", "value": "Relax-and-Recover (a.k.a ReaR) hasta 2.7 crea un initrd world-readable cuando se usa GRUB_RESCUE=y. Esto permite a los atacantes locales obtener acceso a secretos del sistema que de otro modo s\u00f3lo ser\u00edan legibles por root."}], "id": "CVE-2024-23301", "lastModified": "2024-02-21T03:15:08.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T23:15:10.030", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/rear/rear/issues/3122"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/rear/rear/pull/3123"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1719", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "rear-0:2.6-11.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-04-09T00:00:00Z"}, {"advisory": "RHSA-2024:1147", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "rear-0:2.6-21.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-05T00:00:00Z"}], "bugzilla": {"description": "rear: creates a world-readable initrd", "id": "2258396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258396"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-359", "details": ["Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.", "A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. This flaw could potentially enable local attackers to obtain access to system secrets that are typically restricted to root privileges."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-23301", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "rear", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "rear", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23301\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23301\nhttps://github.com/rear/rear/issues/3122\nhttps://github.com/rear/rear/pull/3123"], "statement": "A moderate security concern has been identified in Relax-and-Recover (ReaR), particularly when the non-default configuration GRUB_RESCUE=y is used within Red Hat Enterprise Linux (RHEL). This setting results in the creation of a world-readable initrd, potentially providing local attackers an avenue to access system secrets usually restricted to root privileges. It's worth noting that the default initrd created by ReaR does not contain secrets.", "threat_severity": "Moderate"}