Nixpkgs security tracker

Dismissed

Permalink CVE-2025-13053

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 2 weeks ago
@LeSuisse ignored
3 packages
- perlPackages.NetCUPS
- perl538Packages.NetCUPS
- perl540Packages.NetCUPS
4 months, 1 week ago
@LeSuisse dismissed 4 months, 1 week ago

A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

References

https://www.asustor.com/security/security_advisory_detail?id=49 vendor-advisory

Affected products

UPS

=<4.3.3.RKD2
=<5.1.0.RN42

Ignored packages (3)

pkgs.perlPackages.NetCUPS

Common Unix Printing System Interface

nixos-unstable 0.64
- nixpkgs-unstable 0.64
- nixos-unstable-small 0.64

pkgs.perl538Packages.NetCUPS

Common Unix Printing System Interface

nixos-unstable 0.64
- nixpkgs-unstable 0.64
- nixos-unstable-small 0.64

pkgs.perl540Packages.NetCUPS

Common Unix Printing System Interface

nixos-unstable 0.64
- nixpkgs-unstable 0.64
- nixos-unstable-small 0.64

Impacted software not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.perlPackages.NetCUPS

pkgs.perl538Packages.NetCUPS

pkgs.perl540Packages.NetCUPS