Nixpkgs security tracker
NIXPKGS-2026-1356
GitHub issue
published 1 month, 3 weeks ago
Permalink
CVE-2026-43505
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
2 packages
- prosody-filer
- jitsi-meet-prosody
- @LeSuisse accepted
- @LeSuisse published on GitHub
An issue was discovered in Prosody before 0.12.6 and 1.0.0 …
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.
References
Affected products
Prosody
- <0.12.6
- <13.0.5
Matching in nixpkgs
Ignored packages (2)
pkgs.prosody-filer
Simple file server for handling XMPP http_upload requests
-
nixos-unstable 2021-05-24
- nixpkgs-unstable 2021-05-24
- nixos-unstable-small 2021-05-24
pkgs.jitsi-meet-prosody
Prosody configuration for Jitsi Meet
Package maintainers
-
@toastal toastal <toastal+nix@posteo.net>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@mirror230469 mirror <mirror230469@disroot.org>