A vulnerability has been identified in rpm-ostree, where /etc/shadow file in a default build has the world-readable bit enabled. It is due to higher permissions enabled by default than recommended. https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 https://issues.redhat.com/browse/OCPBUGS-30732
Created rpm-ostree tracking bugs for this issue: Affects: fedora-all [bug 2274140]
FEDORA-2024-4afd3d38ae (rpm-ostree-2024.4-6.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.