CVE-2023-4641

🗓️ 27 Dec 2023 15:43:22Reported by redhatType

CVE-2023-4641: Flaw in shadow-utils allows password retrieva

Reporter	Title	Published	Views	Family All 148
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management	25 Apr 202510:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	27 May 202523:25	–	ibm
IBM Security Bulletins	Security Bulletin: App Connect Enterprise Certified Container UBI updates	2 Feb 202414:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in shadow-utils library (CVE-2023-4641) affects Power HMC.	10 Sep 202415:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities	29 Apr 202502:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from shadow-utils, procps-ng, containerd, urllib3, nghttp2 and Golang	15 Dec 202307:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	28 Feb 202417:18	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities may affect Ubuntu packages that are shipped with IBM CICS TX Advanced.	16 Jul 202412:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities	15 Dec 202314:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has addressed security vulnerabilities	26 Dec 202321:15	–	ibm

NVD

Node

shadow-maint shadow-utilsRange<4.14.0

Node

redhat codeready_linux_builderMatch8.0

redhat codeready_linux_builderMatch9.0

redhat codeready_linux_builder_for_arm64Match8.0_aarch64

redhat codeready_linux_builder_for_arm64Match9.0_aarch64

redhat codeready_linux_builder_for_ibm_z_systemsMatch8.0_s390x

redhat codeready_linux_builder_for_ibm_z_systemsMatch9.0_s390x

redhat codeready_linux_builder_for_power_little_endianMatch8.0_ppc64le

redhat codeready_linux_builder_for_power_little_endianMatch9.0_ppc64le

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

redhat enterprise_linux_for_arm_64Match8.0

redhat enterprise_linux_for_arm_64Match9.0

redhat enterprise_linux_for_ibm_z_systemsMatch8.0_s390x

redhat enterprise_linux_for_ibm_z_systemsMatch9.0_s390x

redhat enterprise_linux_for_power_little_endianMatch8.0_ppc64le

redhat enterprise_linux_for_power_little_endianMatch9.0_ppc64le

[
  {
    "versions": [
      {
        "status": "unaffected",
        "version": "4.14.0-rc1",
        "lessThan": "*",
        "versionType": "semver"
      }
    ],
    "packageName": "shadow-utils",
    "collectionURL": "https://github.com/shadow-maint/shadow",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "shadow-utils",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2:4.6-19.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::crb",
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "shadow-utils",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2:4.6-17.el8_6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:rhel_eus:8.6::baseos",
      "cpe:/a:redhat:rhel_eus:8.6::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "shadow-utils",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2:4.6-17.el8_8.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:rhel_eus:8.8::baseos",
      "cpe:/a:redhat:rhel_eus:8.8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "shadow-utils",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2:4.9-8.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "shadow-utils",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "shadow-utils",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:0417
access	www.access.redhat.com/errata/RHSA-2023:6632
access	www.access.redhat.com/errata/RHSA-2024:2577
access	www.access.redhat.com/errata/RHSA-2023:7112
access	www.access.redhat.com/security/cve/CVE-2023-4641
lists	www.lists.debian.org/debian-lts-announce/2025/04/msg00026.html

03 Nov 2025 20:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.7 - 5.5

EPSS0.00015

SSVC