Lucene search

K
redhatRedHatRHSA-2024:0417
HistoryJan 24, 2024 - 2:40 p.m.

(RHSA-2024:0417) Low: shadow-utils security update

2024-01-2414:40:25
access.redhat.com
16
rhsa-2024-0417
low
security update
password leak
cvss score
references
unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

Low

EPSS

0

Percentile

10.3%

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.

Security Fix(es):

  • shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

Low

EPSS

0

Percentile

10.3%