Search criteria
27 vulnerabilities by nixos
CVE-2025-64766 (GCVE-0-2025-64766)
Vulnerability from cvelistv5 – Published: 2025-11-17 21:38 – Updated: 2025-11-17 21:49
VLAI?
Summary
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protect its file cache. An attacker with knowledge of an existing revision ID could use this secret to obtain a document. In practice, an arbitrary revision ID should be hard to obtain. The primary impact is likely the access to known documents from users with expired access. This issue was resolved in NixOS unstable version 25.11 and version 25.05.
Severity ?
5.3 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T21:49:18.344553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T21:49:28.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nixpkgs",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.11, \u003c 25.05"
},
{
"status": "affected",
"version": "\u003c Unstable 25.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NixOS\u0027s Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protect its file cache. An attacker with knowledge of an existing revision ID could use this secret to obtain a document. In practice, an arbitrary revision ID should be hard to obtain. The primary impact is likely the access to known documents from users with expired access. This issue was resolved in NixOS unstable version 25.11 and version 25.05."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T21:38:10.023Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-58m4-5wg3-5g5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-58m4-5wg3-5g5v"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/462100",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/462100"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/462204",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/462204"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/8e74d05e3de4ee5ad320cd585a7e0f12a4730869",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/commit/8e74d05e3de4ee5ad320cd585a7e0f12a4730869"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/cec38dec00df26a901eb8b424d53bbb3bcc72eec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/commit/cec38dec00df26a901eb8b424d53bbb3bcc72eec"
}
],
"source": {
"advisory": "GHSA-58m4-5wg3-5g5v",
"discovery": "UNKNOWN"
},
"title": "NixOS has hardcoded credentials in Onlyoffice module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64766",
"datePublished": "2025-11-17T21:38:10.023Z",
"dateReserved": "2025-11-10T22:29:34.877Z",
"dateUpdated": "2025-11-17T21:49:28.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54864 (GCVE-0-2025-54864)
Vulnerability from cvelistv5 – Published: 2025-08-12 15:48 – Updated: 2025-08-12 16:06
VLAI?
Summary
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be very taxing on the infrastructure when large evaluations are done, introducing potential denial of service attacks on the host running the evaluator. This issue has been patched by commit f7bda02. A workaround involves blocking /api/push-github and /api/push-gitea via a reverse proxy.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T16:06:19.923283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:06:33.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hydra",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c f7bda020c6144913f134ec616783e57817f7686f"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be very taxing on the infrastructure when large evaluations are done, introducing potential denial of service attacks on the host running the evaluator. This issue has been patched by commit f7bda02. A workaround involves blocking /api/push-github and /api/push-gitea via a reverse proxy."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:48:54.115Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/hydra/security/advisories/GHSA-qpq3-646c-vgx9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-qpq3-646c-vgx9"
},
{
"name": "https://github.com/NixOS/hydra/commit/f7bda020c6144913f134ec616783e57817f7686f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/hydra/commit/f7bda020c6144913f134ec616783e57817f7686f"
}
],
"source": {
"advisory": "GHSA-qpq3-646c-vgx9",
"discovery": "UNKNOWN"
},
"title": "Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54864",
"datePublished": "2025-08-12T15:48:54.115Z",
"dateReserved": "2025-07-31T17:23:33.472Z",
"dateUpdated": "2025-08-12T16:06:33.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54800 (GCVE-0-2025-54800)
Vulnerability from cvelistv5 – Published: 2025-08-12 15:47 – Updated: 2025-08-12 15:57
VLAI?
Summary
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-party project as part of its build process. This also happens in other places like with hydra-release-name. This issue has been patched by commit dea1e16. A workaround involves either not building untrusted packages or not visiting the builds page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:57:19.787030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:57:41.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hydra",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c dea1e168f590efb27db32dbacc82b09e15f8ae4b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client\u0027s browser when anyone visits the build page. This could be done by a third-party project as part of its build process. This also happens in other places like with hydra-release-name. This issue has been patched by commit dea1e16. A workaround involves either not building untrusted packages or not visiting the builds page."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:47:11.337Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/hydra/security/advisories/GHSA-7qwg-q53v-vh99",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-7qwg-q53v-vh99"
},
{
"name": "https://github.com/NixOS/hydra/commit/dea1e168f590efb27db32dbacc82b09e15f8ae4b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/hydra/commit/dea1e168f590efb27db32dbacc82b09e15f8ae4b"
}
],
"source": {
"advisory": "GHSA-7qwg-q53v-vh99",
"discovery": "UNKNOWN"
},
"title": "Hydra persistent XSS in build metrics"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54800",
"datePublished": "2025-08-12T15:47:11.337Z",
"dateReserved": "2025-07-29T16:50:28.395Z",
"dateUpdated": "2025-08-12T15:57:41.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53819 (GCVE-0-2025-53819)
Vulnerability from cvelistv5 – Published: 2025-07-14 20:42 – Updated: 2025-07-15 19:50
VLAI?
Summary
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
Severity ?
7.9 (High)
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T13:55:22.262473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:50:28.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "= 2.30.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:42:12.818Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg"
},
{
"name": "https://github.com/NixOS/nix/pull/13281",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/13281"
},
{
"name": "https://github.com/NixOS/nix/pull/13455",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/13455"
},
{
"name": "https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3"
}
],
"source": {
"advisory": "GHSA-qc7j-jgf3-qmhg",
"discovery": "UNKNOWN"
},
"title": "Nix\u0027s privilege dropping to build user broke for macOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53819",
"datePublished": "2025-07-14T20:42:12.818Z",
"dateReserved": "2025-07-09T14:14:52.529Z",
"dateUpdated": "2025-07-15T19:50:28.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46415 (GCVE-0-2025-46415)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-06-27 19:57
VLAI?
Summary
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46415",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T19:57:42.327675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T19:57:56.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nix",
"vendor": "NixOS",
"versions": [
{
"lessThan": "2.24.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.26.4",
"status": "affected",
"version": "2.25.0",
"versionType": "semver"
},
{
"lessThan": "2.28.4",
"status": "affected",
"version": "2.27.0",
"versionType": "semver"
},
{
"lessThan": "2.29.1",
"status": "affected",
"version": "2.29.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.24.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.26.4",
"versionStartIncluding": "2.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.28.4",
"versionStartIncluding": "2.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.29.1",
"versionStartIncluding": "2.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:23:22.298Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017"
},
{
"url": "https://lix.systems/blog/2025-06-24-lix-cves/"
},
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
},
{
"url": "https://labs.snyk.io"
},
{
"url": "https://security.snyk.io/vuln/?search=CVE-2025-46415"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-46415"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46415",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-04-24T00:00:00.000Z",
"dateUpdated": "2025-06-27T19:57:56.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52992 (GCVE-0-2025-52992)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-06-27 15:18
VLAI?
Summary
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T15:17:46.777042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T15:18:30.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nix",
"vendor": "NixOS",
"versions": [
{
"lessThan": "2.24.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.26.4",
"status": "affected",
"version": "2.25.0",
"versionType": "semver"
},
{
"lessThan": "2.28.4",
"status": "affected",
"version": "2.27.0",
"versionType": "semver"
},
{
"lessThan": "2.29.1",
"status": "affected",
"version": "2.29.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.24.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.26.4",
"versionStartIncluding": "2.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.28.4",
"versionStartIncluding": "2.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.29.1",
"versionStartIncluding": "2.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:33:22.543Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017"
},
{
"url": "https://lix.systems/blog/2025-06-24-lix-cves/"
},
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
},
{
"url": "https://labs.snyk.io"
},
{
"url": "https://security.snyk.io/vuln/?search=CVE-2025-52992"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-52992"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52992",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-06-27T15:18:30.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52993 (GCVE-0-2025-52993)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-06-27 15:04
VLAI?
Summary
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Severity ?
5.6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T14:59:31.536727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T15:04:24.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nix",
"vendor": "NixOS",
"versions": [
{
"lessThan": "2.24.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.26.4",
"status": "affected",
"version": "2.25.0",
"versionType": "semver"
},
{
"lessThan": "2.28.4",
"status": "affected",
"version": "2.27.0",
"versionType": "semver"
},
{
"lessThan": "2.29.1",
"status": "affected",
"version": "2.29.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.24.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.26.4",
"versionStartIncluding": "2.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.28.4",
"versionStartIncluding": "2.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.29.1",
"versionStartIncluding": "2.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:36:03.468Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017"
},
{
"url": "https://lix.systems/blog/2025-06-24-lix-cves/"
},
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
},
{
"url": "https://labs.snyk.io"
},
{
"url": "https://security.snyk.io/vuln/?search=CVE-2025-52993"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-52993"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52993",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-06-27T15:04:24.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52991 (GCVE-0-2025-52991)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-06-27 15:46
VLAI?
Summary
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T15:21:20.719431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T15:46:39.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nix",
"vendor": "NixOS",
"versions": [
{
"lessThan": "2.24.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.26.4",
"status": "affected",
"version": "2.25.0",
"versionType": "semver"
},
{
"lessThan": "2.28.4",
"status": "affected",
"version": "2.27.0",
"versionType": "semver"
},
{
"lessThan": "2.29.1",
"status": "affected",
"version": "2.29.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.24.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.26.4",
"versionStartIncluding": "2.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.28.4",
"versionStartIncluding": "2.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.29.1",
"versionStartIncluding": "2.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:30:32.480Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017"
},
{
"url": "https://lix.systems/blog/2025-06-24-lix-cves/"
},
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
},
{
"url": "https://security.snyk.io/vuln/?search=CVE-2025-52991"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-52991"
},
{
"url": "https://labs.snyk.io"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52991",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-06-27T15:46:39.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46416 (GCVE-0-2025-46416)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-06-27 15:49
VLAI?
Summary
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Severity ?
CWE
- CWE-282 - Improper Ownership Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T15:48:56.617817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T15:49:08.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Nix",
"vendor": "NixOS",
"versions": [
{
"lessThanOrEqual": "2.24.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.26.4",
"status": "affected",
"version": "2.25.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.28.4",
"status": "affected",
"version": "2.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.29.1",
"status": "affected",
"version": "2.29.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.24.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.26.4",
"versionStartIncluding": "2.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.28.4",
"versionStartIncluding": "2.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.29.1",
"versionStartIncluding": "2.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-282",
"description": "CWE-282 Improper Ownership Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:27:26.570Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017"
},
{
"url": "https://lix.systems/blog/2025-06-24-lix-cves/"
},
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
},
{
"url": "https://labs.snyk.io"
},
{
"url": "https://security.snyk.io/vuln/?search=CVE-2025-46416"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-46416"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46416",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-04-24T00:00:00.000Z",
"dateUpdated": "2025-06-27T15:49:08.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32435 (GCVE-0-2025-32435)
Vulnerability from cvelistv5 – Published: 2025-04-15 22:19 – Updated: 2025-04-16 13:32
VLAI?
Summary
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively.
Severity ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T13:32:43.320086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T13:32:55.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hydra",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c 8d750265135b7e203520036a742afdf301b4013f"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T22:19:46.856Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxw"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/397919",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/397919"
},
{
"name": "https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013f"
},
{
"name": "https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1"
}
],
"source": {
"advisory": "GHSA-j7w7-965w-vjxw",
"discovery": "UNKNOWN"
},
"title": "Hydra no restricted eval after nix-eval-jobs migration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32435",
"datePublished": "2025-04-15T22:19:46.856Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-04-16T13:32:55.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32438 (GCVE-0-2025-32438)
Vulnerability from cvelistv5 – Published: 2025-04-15 19:57 – Updated: 2025-04-15 20:08
VLAI?
Summary
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T20:08:46.640080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:08:58.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nixpkgs",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c b17590193d8e5697000c23c66afcf11e1753734d"
},
{
"status": "affected",
"version": "\u003c fbf76bf72b161b9f4ab97704a8258776d5f3ffba"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T19:57:04.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba"
}
],
"source": {
"advisory": "GHSA-m7pq-h9p4-8rr4",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation in make-initrd-ng"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32438",
"datePublished": "2025-04-15T19:57:04.668Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-04-15T20:08:58.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12084 (GCVE-0-2024-12084)
Vulnerability from cvelistv5 – Published: 2025-01-15 14:16 – Updated: 2025-11-06 20:52
VLAI?
Summary
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
3.2.7
Affected: 3.3.0 |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12084",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T04:55:11.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:08.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/14/6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.3.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.4.1-2.el10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:52:27.377Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBA-2025:6470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12084"
},
{
"name": "RHBZ#2330527",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T09:32:44.653000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00+00:00",
"value": "Made public."
}
],
"title": "Rsync: heap buffer overflow in rsync due to improper checksum length handling",
"workarounds": [
{
"lang": "en",
"value": "Red Hat recommends filtering untrusted connections to Rsync via firewall rules on the host and on network firewall appliances.\n\nAdditionally, systems which only need to provide remote Rsync access to users with known identities can enable authentication using the ```auth users``` parameter in their rsyncd configuration file (rsyncd.conf). \n\nSystems that provide anonymous read access to hosted files via Rsync, such as mirror hosts, do not have reasonable mitigation options available. We strongly urge operators using vulnerable versions of Rsync to update as soon as possible."
}
],
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12084",
"datePublished": "2025-01-15T14:16:35.363Z",
"dateReserved": "2024-12-03T08:57:42.580Z",
"dateUpdated": "2025-11-06T20:52:27.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12087 (GCVE-0-2024-12087)
Vulnerability from cvelistv5 – Published: 2025-01-14 17:57 – Updated: 2025-11-06 21:50
VLAI?
Summary
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , ≤ 3.3.0
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:12:12.897301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:12:41.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:17.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-21.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:50:31.684Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2600"
},
{
"name": "RHSA-2025:7050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7050"
},
{
"name": "RHSA-2025:8385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12087"
},
{
"name": "RHBZ#2330672",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T21:23:24.139000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00+00:00",
"value": "Made public."
}
],
"title": "Rsync: path traversal vulnerability in rsync",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12087",
"datePublished": "2025-01-14T17:57:33.927Z",
"dateReserved": "2024-12-03T08:58:04.170Z",
"dateUpdated": "2025-11-06T21:50:31.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12088 (GCVE-0-2024-12088)
Vulnerability from cvelistv5 – Published: 2025-01-14 17:38 – Updated: 2025-11-06 21:50
VLAI?
Summary
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , ≤ 3.3.0
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12088",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:13:08.347346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:13:22.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:20.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-21.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:50:39.432Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2600"
},
{
"name": "RHSA-2025:7050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7050"
},
{
"name": "RHSA-2025:8385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12088"
},
{
"name": "RHBZ#2330676",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T21:55:22.700000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00+00:00",
"value": "Made public."
}
],
"title": "Rsync: --safe-links option bypass leads to path traversal",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12088",
"datePublished": "2025-01-14T17:38:34.890Z",
"dateReserved": "2024-12-03T08:58:08.307Z",
"dateUpdated": "2025-11-06T21:50:39.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12086 (GCVE-0-2024-12086)
Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2025-11-06 21:50
VLAI?
Summary
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
Severity ?
6.1 (Medium)
CWE
- CWE-390 - Detection of Error Condition Without Action
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , ≤ 3.3.0
(semver)
|
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:14:25.165183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:20:53.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:14.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:50:27.844Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"name": "RHBZ#2330577",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00+00:00",
"value": "Made public."
}
],
"title": "Rsync: rsync server leaks arbitrary client files",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12086",
"datePublished": "2025-01-14T17:37:54.960Z",
"dateReserved": "2024-12-03T08:57:58.397Z",
"dateUpdated": "2025-11-06T21:50:27.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12085 (GCVE-0-2024-12085)
Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2025-11-20 20:47
VLAI?
Summary
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Severity ?
7.5 (High)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , ≤ 3.3.0
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12085",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T04:55:13.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:11.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.0.6-12.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.2-12.el7_9.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-20.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-7.el8_2.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-12.el8_4.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-12.el8_4.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-12.el8_4.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-14.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-14.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-14.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.3-20.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.3-20.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.3-20.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.3-9.el9_0.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.3-19.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.3-19.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "412.86.202502100314-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.13::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "413.92.202503112237-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift:4.14::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202502111902-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202501281917-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-ansible-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-helm-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-sdk-rhel9",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "417.94.202502051822-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-454",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-537",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-339",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-320",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-552",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v3.3.2-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-725",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-342",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-88",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.9.11-25",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.9.11-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-340",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.9.11-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-321",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v3.3.2-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.9.11-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.9.11-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.9.11-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-724",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-341",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.9::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.9-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.34.1-30",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-must-gather-rhel8",
"product": "Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:47:25.527Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:0324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0324"
},
{
"name": "RHSA-2025:0325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0325"
},
{
"name": "RHSA-2025:0637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0637"
},
{
"name": "RHSA-2025:0688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0688"
},
{
"name": "RHSA-2025:0714",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0714"
},
{
"name": "RHSA-2025:0774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0774"
},
{
"name": "RHSA-2025:0787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0787"
},
{
"name": "RHSA-2025:0790",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0790"
},
{
"name": "RHSA-2025:0849",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0849"
},
{
"name": "RHSA-2025:0884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0884"
},
{
"name": "RHSA-2025:0885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:0885"
},
{
"name": "RHSA-2025:1120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1120"
},
{
"name": "RHSA-2025:1123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1123"
},
{
"name": "RHSA-2025:1128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1128"
},
{
"name": "RHSA-2025:1225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1225"
},
{
"name": "RHSA-2025:1227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1227"
},
{
"name": "RHSA-2025:1242",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1242"
},
{
"name": "RHSA-2025:1451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1451"
},
{
"name": "RHSA-2025:21885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"name": "RHSA-2025:2701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2701"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12085"
},
{
"name": "RHBZ#2330539",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T12:06:36.594000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00+00:00",
"value": "Made public."
}
],
"title": "Rsync: info leak via uninitialized stack contents",
"workarounds": [
{
"lang": "en",
"value": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable\u0027s memory with zeroes to prevent uninitialized memory disclosure."
}
],
"x_redhatCweChain": "CWE-908: Use of Uninitialized Resource"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12085",
"datePublished": "2025-01-14T17:37:16.036Z",
"dateReserved": "2024-12-03T08:57:53.329Z",
"dateUpdated": "2025-11-20T20:47:25.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51481 (GCVE-0-2024-51481)
Vulnerability from cvelistv5 – Published: 2024-10-31 16:10 – Updated: 2024-10-31 16:51
VLAI?
Summary
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing *can* mitigate the impact of other security issues by limiting what parts of the host system a build has access to.
Severity ?
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T16:51:51.261407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:51:59.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c 2.18.9"
},
{
"status": "affected",
"version": "\u003e= 2.19.0, \u003c 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, 2.24.10"
},
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.20.9"
},
{
"status": "affected",
"version": "\u003e= 2.21.0, \u003c 2.21.5"
},
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.22.4"
},
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.4"
},
{
"status": "affected",
"version": "\u003e= 2.24.0, \u003c 2.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import \u003cnix/fetchurl.nix\u003e`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing *can* mitigate the impact of other security issues by limiting what parts of the host system a build has access to."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:10:22.398Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-wf4c-57rh-9pjg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-wf4c-57rh-9pjg"
},
{
"name": "https://github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74"
}
],
"source": {
"advisory": "GHSA-wf4c-57rh-9pjg",
"discovery": "UNKNOWN"
},
"title": "Nix allows macOS sandbox escape via built-in builders"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51481",
"datePublished": "2024-10-31T16:10:22.398Z",
"dateReserved": "2024-10-28T14:20:59.335Z",
"dateUpdated": "2024-10-31T16:51:59.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47174 (GCVE-0-2024-47174)
Vulnerability from cvelistv5 – Published: 2024-09-26 17:27 – Updated: 2024-09-26 17:49
VLAI?
Summary
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM) attack. `<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue. A user may be affected by the risk of leaking credentials if they have a `netrc` file for authentication, or rely on derivations with `impureEnvVars` set to use credentials from the environment. In addition, the commonplace trust-on-first-use (TOFU) technique of updating dependencies by specifying an invalid hash and obtaining it from a remote store was also vulnerable to a MITM injecting arbitrary store objects. This also applied to the impure derivations experimental feature. Note that this may also happen when using Nixpkgs fetchers to obtain new hashes when not using the fake hash method, although that mechanism is not implemented in Nix itself but rather in Nixpkgs using a fixed-output derivation. The behavior was introduced in version 1.11 to make it consistent with the Nixpkgs `pkgs.fetchurl` and to make `<nix/fetchurl.nix>` work in the derivation builder sandbox, which back then did not have access to the CA bundles by default. Nowadays, CA bundles are bind-mounted on Linux. This issue has been fixed in Nix 2.18.8 and 2.24.8. As a workaround, implement (authenticated) fetching with `pkgs.fetchurl` from Nixpkgs, using `impureEnvVars` and `curlOpts` as needed.
Severity ?
5.9 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:49:17.234874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:49:28.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.11, \u003c 2.18.8"
},
{
"status": "affected",
"version": "\u003e= 2.24.0, \u003c 2.24.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `\u003cnix/fetchurl.nix\u003e` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM) attack. `\u003cnix/fetchurl.nix\u003e` is also known as the builtin derivation builder `builtin:fetchurl`. It\u0027s not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue. A user may be affected by the risk of leaking credentials if they have a `netrc` file for authentication, or rely on derivations with `impureEnvVars` set to use credentials from the environment. In addition, the commonplace trust-on-first-use (TOFU) technique of updating dependencies by specifying an invalid hash and obtaining it from a remote store was also vulnerable to a MITM injecting arbitrary store objects. This also applied to the impure derivations experimental feature. Note that this may also happen when using Nixpkgs fetchers to obtain new hashes when not using the fake hash method, although that mechanism is not implemented in Nix itself but rather in Nixpkgs using a fixed-output derivation. The behavior was introduced in version 1.11 to make it consistent with the Nixpkgs `pkgs.fetchurl` and to make `\u003cnix/fetchurl.nix\u003e` work in the derivation builder sandbox, which back then did not have access to the CA bundles by default. Nowadays, CA bundles are bind-mounted on Linux. This issue has been fixed in Nix 2.18.8 and 2.24.8. As a workaround, implement (authenticated) fetching with `pkgs.fetchurl` from Nixpkgs, using `impureEnvVars` and `curlOpts` as needed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:27:53.966Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c"
},
{
"name": "https://github.com/NixOS/nix/pull/11585",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/11585"
},
{
"name": "https://github.com/NixOS/nix/commit/062b4a489e30da9c85fa4ff15cfdd2e51cac7b90",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/062b4a489e30da9c85fa4ff15cfdd2e51cac7b90"
},
{
"name": "https://github.com/NixOS/nix/commit/5db358d4d78aea7204a8f22c5bf2a309267ee038",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/5db358d4d78aea7204a8f22c5bf2a309267ee038"
}
],
"source": {
"advisory": "GHSA-6fjr-mq49-mm2c",
"discovery": "UNKNOWN"
},
"title": "Credential leak when credentials are used with `\u003cnix/fetchurl.nix\u003e`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47174",
"datePublished": "2024-09-26T17:27:53.966Z",
"dateReserved": "2024-09-19T22:32:11.961Z",
"dateUpdated": "2024-09-26T17:49:28.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45593 (GCVE-0-2024-45593)
Vulnerability from cvelistv5 – Published: 2024-09-10 15:51 – Updated: 2024-09-10 16:06
VLAI?
Summary
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.
Severity ?
9.1 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nix",
"vendor": "nixos",
"versions": [
{
"lessThan": "2.24.6",
"status": "affected",
"version": "2.24.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:03.600877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T16:06:16.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.24.0, \u003c 2.24.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:51:07.881Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493"
},
{
"name": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59"
}
],
"source": {
"advisory": "GHSA-h4vv-h3jq-v493",
"discovery": "UNKNOWN"
},
"title": "Nix affected by unsafe NAR unpacking"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45593",
"datePublished": "2024-09-10T15:51:07.881Z",
"dateReserved": "2024-09-02T16:00:02.423Z",
"dateUpdated": "2024-09-10T16:06:16.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45049 (GCVE-0-2024-45049)
Vulnerability from cvelistv5 – Published: 2024-08-27 20:33 – Updated: 2024-08-28 14:03
VLAI?
Summary
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the "Evaluate jobset" button in the frontend.
Severity ?
7.5 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nixos:hydra:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hydra",
"vendor": "nixos",
"versions": [
{
"lessThan": "f73043378907c2c7e44f633ad764c8bdd1c947d5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:01:29.127323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:03:00.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hydra",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c f73043378907c2c7e44f633ad764c8bdd1c947d5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the \"Evaluate jobset\" button in the frontend."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T20:33:01.326Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/hydra/security/advisories/GHSA-xv29-v93r-2f5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-xv29-v93r-2f5v"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/337766",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/337766"
},
{
"name": "https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5"
},
{
"name": "https://mastodon.delroth.net/@delroth/113029832631860419",
"tags": [
"x_refsource_MISC"
],
"url": "https://mastodon.delroth.net/@delroth/113029832631860419"
}
],
"source": {
"advisory": "GHSA-xv29-v93r-2f5v",
"discovery": "UNKNOWN"
},
"title": "Nix Hydra Missing authentication when triggering evaluations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45049",
"datePublished": "2024-08-27T20:33:01.326Z",
"dateReserved": "2024-08-21T17:53:51.331Z",
"dateUpdated": "2024-08-28T14:03:00.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43378 (GCVE-0-2024-43378)
Vulnerability from cvelistv5 – Published: 2024-08-15 23:53 – Updated: 2024-09-03 18:02
VLAI?
Summary
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either `/` or `/boot` are unencrypted; have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin`, or in a CPIO archive attached to their NixOS initrd. `nixos-install` is not affected, nor are UEFI installations, nor was the default automatic partitioning configuration on legacy BIOS systems. The problem has been fixed in calamares-nixos-extensions 0.3.17, which was included in NixOS. The current installer images for the NixOS 24.05 and unstable (24.11) channels are unaffected. The fix reached 24.05 at 2024-08-13 20:06:59 UTC, and unstable at 2024-08-15 09:00:20 UTC. Installer images downloaded before those times may be vulnerable. The best solution for affected users is probably to back up their data and do a complete reinstallation. However, the mitigation procedure in GHSA-3rvf-24q2-24ww should work solely for the case where `/` is encrypted but `/boot` is not. If `/` is unencrypted, then the `/crypto_keyfile.bin` file will need to be deleted in addition to the remediation steps in the previous advisory. This issue is a partial regression of CVE-2023-36476 / GHSA-3rvf-24q2-24ww, which was more severe as it applied to the default configuration on BIOS systems.
Severity ?
7.8 (High)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NixOS | calamares-nixos-extensions |
Affected:
< 0.3.17
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nixos:calamares-nixos-extensions:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "calamares-nixos-extensions",
"vendor": "nixos",
"versions": [
{
"lessThan": "0.3.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T20:54:33.909326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:02:47.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calamares-nixos-extensions",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c 0.3.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either `/` or `/boot` are unencrypted; have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin`, or in a CPIO archive attached to their NixOS initrd. `nixos-install` is not affected, nor are UEFI installations, nor was the default automatic partitioning configuration on legacy BIOS systems. The problem has been fixed in calamares-nixos-extensions 0.3.17, which was included in NixOS. The current installer images for the NixOS 24.05 and unstable (24.11) channels are unaffected. The fix reached 24.05 at 2024-08-13 20:06:59 UTC, and unstable at 2024-08-15 09:00:20 UTC. Installer images downloaded before those times may be vulnerable. The best solution for affected users is probably to back up their data and do a complete reinstallation. However, the mitigation procedure in GHSA-3rvf-24q2-24ww should work solely for the case where `/` is encrypted but `/boot` is not. If `/` is unencrypted, then the `/crypto_keyfile.bin` file will need to be deleted in addition to the remediation steps in the previous advisory. This issue is a partial regression of CVE-2023-36476 / GHSA-3rvf-24q2-24ww, which was more severe as it applied to the default configuration on BIOS systems."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T23:53:07.103Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-vfxf-gpmj-2p25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-vfxf-gpmj-2p25"
},
{
"name": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww"
},
{
"name": "https://github.com/NixOS/calamares-nixos-extensions/pull/43",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/calamares-nixos-extensions/pull/43"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/331607",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/331607"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/334252",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/334252"
}
],
"source": {
"advisory": "GHSA-vfxf-gpmj-2p25",
"discovery": "UNKNOWN"
},
"title": "calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43378",
"datePublished": "2024-08-15T23:53:07.103Z",
"dateReserved": "2024-08-09T14:23:55.514Z",
"dateUpdated": "2024-09-03T18:02:47.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38531 (GCVE-0-2024-38531)
Vulnerability from cvelistv5 – Published: 2024-06-28 13:18 – Updated: 2024-08-02 04:12
VLAI?
Summary
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.
Severity ?
CWE
- CWE-278 - Insecure Preserved Inherited Permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T15:26:22.607904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:37:03.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5"
},
{
"name": "https://github.com/NixOS/nix/pull/10501",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NixOS/nix/pull/10501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.1"
},
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.22.2"
},
{
"status": "affected",
"version": "\u003e= 2.21.0, \u003c 2.21.3"
},
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.20.7"
},
{
"status": "affected",
"version": "\u003e= 2.19.0, \u003c 2.19.5"
},
{
"status": "affected",
"version": "\u003e= 2.18.0, \u003c 2.18.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278: Insecure Preserved Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T13:18:58.604Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5"
},
{
"name": "https://github.com/NixOS/nix/pull/10501",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/10501"
}
],
"source": {
"advisory": "GHSA-q82p-44mg-mgh5",
"discovery": "UNKNOWN"
},
"title": "Nix sandbox escape"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38531",
"datePublished": "2024-06-28T13:18:58.604Z",
"dateReserved": "2024-06-18T16:37:02.729Z",
"dateUpdated": "2024-08-02T04:12:25.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32657 (GCVE-0-2024-32657)
Vulnerability from cvelistv5 – Published: 2024-04-22 22:24 – Updated: 2024-08-02 02:13
VLAI?
Summary
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nixos:hydra:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hydra",
"vendor": "nixos",
"versions": [
{
"lessThan": "23.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:nixos:hydra:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hydra",
"vendor": "nixos",
"versions": [
{
"lessThan": "b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T15:14:39.830005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:08:52.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:40.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/306017",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/306017"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/306018",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/306018"
},
{
"name": "https://github.com/NixOS/hydra/commit/b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NixOS/hydra/commit/b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hydra",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3"
},
{
"status": "affected",
"version": "\u003c 23.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T22:24:06.762Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/306017",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/306017"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/306018",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/306018"
},
{
"name": "https://github.com/NixOS/hydra/commit/b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/hydra/commit/b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3"
}
],
"source": {
"advisory": "GHSA-2p75-6g9f-pqgx",
"discovery": "UNKNOWN"
},
"title": "Hydra has persistent XSS vulnerability serving HTML build outputs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32657",
"datePublished": "2024-04-22T22:24:06.762Z",
"dateReserved": "2024-04-16T14:15:26.877Z",
"dateUpdated": "2024-08-02T02:13:40.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27297 (GCVE-0-2024-27297)
Vulnerability from cvelistv5 – Published: 2024-03-11 21:24 – Updated: 2025-06-27 12:16
VLAI?
Summary
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
6.3 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:38:57.385291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:24.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-27T12:16:28.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
},
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37"
},
{
"name": "https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000"
},
{
"name": "https://hackmd.io/03UGerewRcy3db44JQoWvw",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackmd.io/03UGerewRcy3db44JQoWvw"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.18"
},
{
"status": "affected",
"version": "\u003e= 2.4.0, \u003c 2.18.2"
},
{
"status": "affected",
"version": "\u003e= 2.19.0, \u003c 2.19.4"
},
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.20.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as \"valid\" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T21:25:51.065Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37"
},
{
"name": "https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000"
},
{
"name": "https://hackmd.io/03UGerewRcy3db44JQoWvw",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackmd.io/03UGerewRcy3db44JQoWvw"
}
],
"source": {
"advisory": "GHSA-2ffj-w4mj-pg37",
"discovery": "UNKNOWN"
},
"title": "Nix Corruption of fixed-output derivations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27297",
"datePublished": "2024-03-11T21:24:43.919Z",
"dateReserved": "2024-02-22T18:08:38.874Z",
"dateUpdated": "2025-06-27T12:16:28.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36476 (GCVE-0-2023-36476)
Vulnerability from cvelistv5 – Published: 2023-06-29 00:18 – Updated: 2024-11-27 14:17
VLAI?
Summary
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NixOS | calamares-nixos-extensions |
Affected:
<= 0.3.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww"
},
{
"name": "https://github.com/osresearch/heads/issues/1348",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osresearch/heads/issues/1348"
},
{
"name": "https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T14:17:19.930765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:17:28.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calamares-nixos-extensions",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:18:42.532Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww"
},
{
"name": "https://github.com/osresearch/heads/issues/1348",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osresearch/heads/issues/1348"
},
{
"name": "https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22"
}
],
"source": {
"advisory": "GHSA-3rvf-24q2-24ww",
"discovery": "UNKNOWN"
},
"title": "`calamares-nixos-extensions` LUKS keyfile exposure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-36476",
"datePublished": "2023-06-29T00:18:42.532Z",
"dateReserved": "2023-06-21T18:50:41.704Z",
"dateUpdated": "2024-11-27T14:17:28.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17365 (GCVE-0-2019-17365)
Vulnerability from cvelistv5 – Published: 2019-10-09 21:19 – Updated: 2024-08-05 01:40
VLAI?
Summary
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/4"
},
{
"name": "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/10/1"
},
{
"name": "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/17/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nix through 2.3 allows local users to gain access to an arbitrary user\u0027s account because the parent directory of the user-profile directories is world writable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T23:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/4"
},
{
"name": "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/10/1"
},
{
"name": "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/17/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nix through 2.3 allows local users to gain access to an arbitrary user\u0027s account because the parent directory of the user-profile directories is world writable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2019/10/09/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/4"
},
{
"name": "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/10/1"
},
{
"name": "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/17/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17365",
"datePublished": "2019-10-09T21:19:13",
"dateReserved": "2019-10-09T00:00:00",
"dateUpdated": "2024-08-05T01:40:15.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7412 (GCVE-0-2017-7412)
Vulnerability from cvelistv5 – Published: 2017-04-04 00:00 – Updated: 2024-08-05 16:04
VLAI?
Summary
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a833339236d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.science.uu.nl/pipermail/nix-dev/2017-April/023329.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-04T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a833339236d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.science.uu.nl/pipermail/nix-dev/2017-April/023329.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e",
"refsource": "CONFIRM",
"url": "https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a833339236d",
"refsource": "CONFIRM",
"url": "https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a833339236d"
},
{
"name": "http://lists.science.uu.nl/pipermail/nix-dev/2017-April/023329.html",
"refsource": "CONFIRM",
"url": "http://lists.science.uu.nl/pipermail/nix-dev/2017-April/023329.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7412",
"datePublished": "2017-04-04T00:00:00",
"dateReserved": "2017-04-03T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}