GRUB2 grub.cfg configuration file is created with the wrong permission (0644) allowing unprivileged users to read grub's configuration file content. This presents a low Confidentiality risk as grub.cfg may contain encrypted passwords.
Created grub2 tracking bugs for this issue:
Affects: fedora-all [bug 2030358]
Upstream patch for this issue:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:2110 https://access.redhat.com/errata/RHSA-2022:2110
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):