CVE-2024-23301

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-23301
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23301.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23301
Downstream
Related
Published
2024-01-12T23:15:10.030Z
Modified
2026-02-04T20:43:49.162620Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

References

Affected packages

Git / github.com/rear/rear

Affected ranges

Type
GIT
Repo
https://github.com/rear/rear
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
91e671557b4edd0b750582fc4b0b14f0588dc0e9

Affected versions

1.*
1.13.0
1.14
1.15
1.16
1.16.1
1.17.0
1.17.1
1.17.2
1.18
1.19
2.*
2.00
2.2
2.3
2.4
2.5
2.6
2.7
rear-1.*
rear-1.13.0
rear-1.14
rear-1.15
rear-1.16
rear-1.16.1
rear-1.17.0
rear-1.17.1
rear-1.17.2
rear-1.18
rear-1.19
rear-1.7.19
rear-1.7.20
rear-2.*
rear-2.00
rear-2.2
rear-2.3
rear-2.5
rear-2.6
rear-2.7
rear-2.xx

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23301.json"