modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
Created calamares tracking bugs for this issue:
Affects: fedora-all [bug 1726566]
I will prepare an update when upstream releases a release with the fix, which should happen this week.
Please note that the upstream version numbers in both CVEs are incorrect, all versions of Calamares up to and including 3.2.10 are affected.
Please note that MITRE has updated the CVEs to reflect proper affected versions, and Calamares upstream has released a fix in version 3.2.11
Right. I have already queued Calamares 3.2.11 updates for Fedora 29 and 30 (and built it for Rawhide, too, of course), see bug #1726566.