CVE-2024-23301
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-23301
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23301.json
- Related
- Published
- 2024-01-12T23:15:10Z
- Modified
- 2024-05-14T13:09:03.456163Z
- Summary
- [none]
- Details
-
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
- References
-
- https://github.com/rear/rear/issues/3122
- https://github.com/rear/rear/pull/3123
- https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/
Affected packages
Git / github.com/rear/rear
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rear/rear
- Events
-
Introduced0The exact introduced commit is unknownLast affected
Affected versions
1.*
1.13.0
1.14
1.15
1.16
1.16.1
1.17.0
1.17.1
1.17.2
1.18
1.19
2.*
2.00
2.2
2.3
2.4
2.5
2.6
2.7
rear-1.*
rear-1.13.0
rear-1.14
rear-1.15
rear-1.16
rear-1.16.1
rear-1.17.0
rear-1.17.1
rear-1.17.2
rear-1.18
rear-1.19
rear-1.7.19
rear-1.7.20
rear-2.*
rear-2.00
rear-2.2
rear-2.3
rear-2.5
rear-2.6
rear-2.7
rear-2.xx