Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-10963
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Pam: improper hostname interpretation in pam_access leads to access control bypass

A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.

Affected products

pam
  • ==1.5.1
  • ==1.3.1
  • <1.7.0
  • *
rhcos
  • *
odh-rhel8-operator
odh-dashboard-rhel8
odh-modelmesh-rhel8
odh-operator-bundle
odh-mm-rest-proxy-rhel8
odh-model-registry-rhel8
rhoai/odh-dashboard-rhel8
  • *
odh-kueue-controller-rhel8
odh-mlmd-grpc-server-rhel8
odh-model-controller-rhel8
odh-trustyai-service-rhel8
odh-training-operator-rhel8
odh-codeflare-operator-rhel8
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
odh-ml-pipelines-launcher-rhel8
odh-kf-notebook-controller-rhel8
odh-model-registry-operator-rhel8
odh-modelmesh-runtime-adapter-rhel8
odh-trustyai-service-operator-rhel8
odh-ml-pipelines-api-server-v2-rhel8
odh-kuberay-operator-controller-rhel8
odh-modelmesh-serving-controller-rhel8
odh-ml-pipelines-persistenceagent-v2-rhel8
odh-ml-pipelines-scheduledworkflow-v2-rhel8
registry.redhat.io/rhoai/odh-dashboard-rhel8
  • *
odh-data-science-pipelines-argo-argoexec-rhel8
odh-data-science-pipelines-operator-controller-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

pkgs.dspam

Community Driven Antispam Filter

pkgs.pamix

Pulseaudio terminal mixer

pkgs.rspamd

Advanced spam filtering system

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

pkgs.pamixer

Pulseaudio command line mixer

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

pkgs.opam2json

Convert opam file syntax to JSON

pkgs.pam_dp9ik

dp9ik pam module

pkgs.pam_gnupg

Unlock GnuPG keys on login

pkgs.pam_mount

PAM module to mount volumes for a user session

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

pkgs.pam_rundir

Provide user runtime directory on Linux systems

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

pkgs.yubico-pam

Yubico PAM module

pkgs.pam-watchid

PAM plugin module that allows the Apple Watch to be used for authentication

pkgs.apparmor-pam

Mandatory access control system - PAM service

pkgs.opam-publish

Tool to ease contributions to opam repositories

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

pkgs.spamassassin

Open-Source Spam Filter

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

pkgs.libpam-wrapper

Wrapper for testing PAM modules

pkgs.opam-installer

Handle (un)installation from opam install files

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

pkgs.pam_ssh_agent_auth

PAM module for authentication through the SSH agent

pkgs.decode-spam-headers

Script that helps you understand why your E-Mail ended up in Spam

pkgs.haskellPackages.pam

Haskell binding for C PAM API

pkgs.luaPackages.lua-pam

Lua module for PAM authentication

pkgs.google-authenticator

Two-step verification, with pam module

pkgs.lua51Packages.lua-pam

Lua module for PAM authentication

pkgs.lua52Packages.lua-pam

Lua module for PAM authentication

pkgs.lua53Packages.lua-pam

Lua module for PAM authentication

pkgs.kdePackages.kwallet-pam

PAM Integration with KWallet - Unlock KWallet when you login

pkgs.opensmtpd-filter-rspamd

OpenSMTPD filter integration for the Rspamd daemon

pkgs.python312Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python313Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python312Packages.pamela

PAM interface using ctypes

pkgs.python313Packages.pamela

PAM interface using ctypes

pkgs.stalwart-mail-spam-filter

Secure & modern all-in-one mail server Stalwart (spam-filter module)

pkgs.python312Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python313Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python312Packages.python-pam

Python pam module

pkgs.python313Packages.python-pam

Python pam module

pkgs.wordpressPackages.plugins.antispam-bee

pkgs.matrix-synapse-plugins.matrix-synapse-pam

PAM auth provider for the Synapse Matrix server

pkgs.matrix-synapse-plugins.synapse-http-antispam

Synapse module that forwards spam checking to an HTTP server

pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam

AntiSpam / Banlist plugin to be used with mjolnir

pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github

VS Code extension to open the current project or file in github.com

Package maintainers: 55

CVE-2024-31419
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Cnv: information disclosure through the usage of vm-dump-metrics

An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.

Affected products

cnv
  • ==4.15.1
kubevirt-hyperconverged-cluster-operator

Matching in nixpkgs

pkgs.python312Packages.cnvkit

Python library and command-line software toolkit to infer and visualize copy number from high-throughput DNA sequencing data

pkgs.python313Packages.cnvkit

Python library and command-line software toolkit to infer and visualize copy number from high-throughput DNA sequencing data

Package maintainers: 1

CVE-2024-6861
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

Affected products

foreman
  • <3.3
  • *
satellite:el8/foreman
  • *
satellite-utils:el8/foreman
  • *
satellite-capsule:el8/foreman
  • *

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

Package maintainers: 1

CVE-2024-1979
3.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Quarkus: information leak in annotation

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

Affected products

quarkus
  • <3.2.11
io.quarkus/quarkus-openshift
io.quarkus/quarkus-kubernetes-deployment
  • *

Matching in nixpkgs

pkgs.quarkus

Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

Package maintainers: 1

CVE-2024-43142
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 months ago
WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.

Affected products

tutor
  • =<2.7.3

Matching in nixpkgs

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack

Package maintainers: 1

CVE-2024-37415
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27.

Affected products

e2pdf
  • =<1.20.27

Matching in nixpkgs

pkgs.haskellPackages.line2pdf

Simple command-line utility to convert text into PDF

CVE-2024-8553
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
Foreman: read-only access to entire db from templates

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

Affected products

foreman
  • *

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

Package maintainers: 1

CVE-2024-5967
2.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Keycloak: leak of configured ldap bind credentials through the keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL  independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.

Affected products

keycloak
  • <24.0.6
  • <22.0.12
  • <25.0.1
keycloak-core
rh-sso7-keycloak
  • *
rhbk/keycloak-rhel9
  • *
rhbk/keycloak-rhel9-operator
  • *
rhbk/keycloak-operator-bundle
  • *
rh-sso-7/sso76-openshift-rhel8
  • *

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

Package maintainers: 4

CVE-2024-10573
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Mpg123: buffer overflow when writing decoded pcm samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

Affected products

mpg123
  • *
  • <1.32.8

Matching in nixpkgs

pkgs.mpg123

Fast console MPEG Audio Player and decoder library

pkgs.libmpg123

Fast console MPEG Audio Player and decoder library

pkgs.haskellPackages.mpg123-bindings

Mpg132 bindings

Package maintainers: 1

CVE-2024-3935
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Eclipse Mosquito: Double free vulnerability

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

Affected products

mosquitto
  • =<2.0.18

Matching in nixpkgs

pkgs.mosquitto

Open source MQTT v3.1/3.1.1/5.0 broker

pkgs.haskellPackages.mosquitto-hs

Mosquitto client library bindings

pkgs.chickenPackages_5.chickenEggs.mosquitto

Bindings to mosquitto MQTT client library

Package maintainers: 2