A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
Fixes

Solution

No solution given by the vendor.


Workaround

If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:

# List current permissions for all nodes
for node in $(oc get nodes -oname); do
    echo $node
    oc debug $node -- bash -c "ls -alhZ /host/etc/*shadow*"
done

# Set correct permissions
for node in $(oc get nodes -oname); do
    echo $node
    oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-
done

As a precaution, we recommend rotating all user credentials stored in those files.
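To confirm the workaround took effect, the check below classifies the mode of each of the four files under a given root (for example /host, where the commands above reach the node's filesystem). It is an added example, not part of the advisory; the function names, status labels and exit codes are choices made here, and it assumes GNU stat.

```shell
#!/bin/sh
# Audit the shadow files named in the workaround under a root prefix.
# Added example: names, labels and exit codes are illustrative assumptions.

SHADOW_FILES="etc/shadow etc/gshadow etc/shadow- etc/gshadow-"

# audit_shadow_perms ROOT
# Prints "STATUS MODE PATH" per file and returns the worst finding:
#   0 = every existing file is mode 0000 (the value the workaround sets)
#   1 = some file has permission bits set but is not world-readable
#   2 = some file is world-readable (the condition described above)
#   3 = stat failed
audit_shadow_perms() {
    asp_root="${1:-/}"
    asp_worst=0
    for asp_rel in $SHADOW_FILES; do
        asp_path="${asp_root%/}/$asp_rel"
        if [ ! -e "$asp_path" ]; then
            # Backup copies (shadow-, gshadow-) may legitimately be absent.
            echo "MISSING - $asp_path"
            continue
        fi
        asp_mode=$(stat -L -c '%a' "$asp_path") || return 3
        case "$asp_mode" in
            0)       asp_status=OK ;;
            *[4567]) asp_status=WORLD; asp_worst=2 ;;  # "other" read bit set
            *)       asp_status=LOOSE
                     if [ "$asp_worst" -lt 1 ]; then asp_worst=1; fi ;;
        esac
        echo "$asp_status $asp_mode $asp_path"
    done
    return "$asp_worst"
}

# Constructed sample tree, so the check can be tried without touching a host.
make_sample_root() {
    msr_dir=$(mktemp -d) && mkdir "$msr_dir/etc" || return 1
    : > "$msr_dir/etc/shadow";  chmod 0644 "$msr_dir/etc/shadow"   # world-readable
    : > "$msr_dir/etc/gshadow"; chmod 0000 "$msr_dir/etc/gshadow"  # already corrected
    : > "$msr_dir/etc/shadow-"; chmod 0640 "$msr_dir/etc/shadow-"  # loose, not world
    echo "$msr_dir"             # etc/gshadow- is deliberately left absent
}
```

A non-zero return from `audit_shadow_perms /host` after the chmod step means at least one file still carries permission bits and should be rechecked.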

History

Thu, 29 May 2025 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Wed, 21 May 2025 04:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Sun, 24 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T13:14:43.827Z

Reserved: 2024-03-26T11:53:25.040Z

Link: CVE-2024-2905

Vulnrichment

Updated: 2024-08-01T19:25:42.154Z

NVD

Status: Awaiting Analysis

Published: 2024-04-25T18:15:08.037

Modified: 2025-05-29T18:15:23.193

Link: CVE-2024-2905

Redhat

Severity: Moderate

Public Date: 2024-04-09T11:00:00Z

Links: CVE-2024-2905 - Bugzilla

OpenCVE Enrichment

No data.