{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2905", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-03-26T11:53:25.040Z", "datePublished": "2024-04-25T17:44:15.985Z", "dateUpdated": "2024-11-24T15:24:31.882Z"}, "containers": {"cna": {"title": "Rpm-ostree: world-readable /etc/shadow file", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rpm-ostree", "defaultStatus": "affected", "versions": [{"version": "0:2024.3-3.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rpm-ostree", "defaultStatus": "affected", "versions": [{"version": "0:2023.3-2.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rpm-ostree", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rpm-ostree", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3401", "name": "RHSA-2024:3401", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3823", "name": "RHSA-2024:3823", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-2905", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585", "name": "RHBZ#2271585", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"}], "datePublic": "2024-04-09T11:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource", "workarounds": [{"lang": "en", "value": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files."}], "timeline": [{"lang": "en", "time": "2024-03-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-09T11:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-24T15:24:31.882Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T19:10:45.667596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:29:28.680Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.154Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3401", "name": "RHSA-2024:3401", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3823", "name": "RHSA-2024:3823", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-2905", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585", "name": "RHBZ#2271585", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3401", "name": "RHSA-2024:3401", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3823", "name": "RHSA-2024:3823", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-2905", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585", "name": "RHBZ#2271585", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.154Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T19:10:45.667596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T19:11:32.249Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Rpm-ostree: world-readable /etc/shadow file", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2024.3-3.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "rpm-ostree", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2023.3-2.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rpm-ostree", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "rpm-ostree", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rpm-ostree", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-03-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-09T11:00:00+00:00", "value": "Made public."}], "datePublic": "2024-04-09T11:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3401", "name": "RHSA-2024:3401", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3823", "name": "RHSA-2024:3823", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-2905", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585", "name": "RHBZ#2271585", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"}], "workarounds": [{"lang": "en", "value": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files."}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-24T15:24:31.882Z"}, "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"}}, "cveMetadata": {"cveId": "CVE-2024-2905", "state": "PUBLISHED", "dateUpdated": "2024-11-24T15:24:31.882Z", "dateReserved": "2024-03-26T11:53:25.040Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-25T17:44:15.985Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de seguridad en rpm-ostree, relacionada con el archivo /etc/shadow en compilaciones predeterminadas que tienen habilitado el bit de lectura mundial. Este problema surge porque los permisos predeterminados se establecen en un nivel superior al recomendado, lo que potencialmente expone los datos de autenticaci\u00f3n confidenciales a un acceso no autorizado."}], "id": "CVE-2024-2905", "lastModified": "2024-11-21T09:10:48.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-25T18:15:08.037", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3401"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3823"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-2905"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"}, {"source": "secalert@redhat.com", "url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3823"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-2905"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3823", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "rpm-ostree-0:2024.3-3.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:3401", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "rpm-ostree-0:2023.3-2.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}], "bugzilla": {"description": "rpm-ostree: world-readable /etc/shadow file", "id": "2271585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-732", "details": ["A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.", "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."], "mitigation": {"lang": "en:us", "value": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\nAs a precaution, we recommend rotating all user credentials stored in those files."}, "name": "CVE-2024-2905", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rpm-ostree", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "rpm-ostree", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-04-09T11:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2905\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2905\nhttps://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"], "statement": "This vulnerability lets local, unconfined applications read the hashed password for all users of the system from those files. To gain further access to the system, those hashed passwords need to be brute-forced to discover the real passwords that may be used to authenticate as a more privileged user on the system, for example over SSH.\nOn systems with SELinux enabled and in enforcing mode, access to those files is limited to unconfined (usually interactive) users, unconfined systemd services and privileged containers. Confined daemons, users and containers are not able to access them.\nOnly OpenShift clusters installed on OCP version 4.14 and later are affected.\nOpenShift Clusters installed on previous OCP releases or updated to 4.14 and later are not affected, because /etc/shadow is usually \u201clocally modified\u201d and the local version remains.\nClusters with no passwords set for any users (i.e. only SSH keys were used; the OpenShift default) are not impacted by this vulnerability even though it is present on the node.", "threat_severity": "Moderate", "upstream_fix": "rpm-ostree 2024.4"}