Anonymous connection In rpm-ostree
Description
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel9 | 0:2024.3-3.el9_4 | ||
rpm rhel9.2 | 0:2023.3-2.el9_2 | ||
rpm rhel10 | 0:2025.5-1.el10 |
Aliases
1. 2. 3.