Nixpkgs security tracker
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
23 packages
- mopsa
- sipsak
- sharpsat-td
- purescript-psa
- svndumpsanitizer
- phpPackages.psalm
- ocamlPackages.mopsa
- php82Packages.psalm
- php83Packages.psalm
- php84Packages.psalm
- haskellPackages.cpsa
- python312Packages.tapsaff
- python313Packages.tapsaff
- nodePackages.purescript-psa
- python312Packages.markupsafe
- python312Packages.psautohint
- python313Packages.markupsafe
- python313Packages.psautohint
- terraform-providers.vpsadmin
- nodePackages_latest.purescript-psa
- python312Packages.types-markupsafe
- python313Packages.types-markupsafe
- terraform-providers.vpsfreecz_vpsadmin
- @LeSuisse dismissed
Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.
References
Affected products
- ==All versions prior to 2026.1
Ignored packages (23)
pkgs.mopsa
A Modular and Open Platform for Static Analysis using Abstract Interpretation
pkgs.sipsak
SIP Swiss army knife
pkgs.sharpsat-td
Fast solver for the #SAT model counting problem
-
nixos-unstable 0-unstable-2021-09-05
- nixpkgs-unstable 0-unstable-2021-09-05
- nixos-unstable-small 0-unstable-2021-09-05
pkgs.purescript-psa
Error/Warning reporting frontend for psc
pkgs.svndumpsanitizer
Alternative to svndumpfilter that discovers which nodes should actually be kept
pkgs.phpPackages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.ocamlPackages.mopsa
Modular and Open Platform for Static Analysis using Abstract Interpretation
pkgs.php82Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.php83Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.php84Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.haskellPackages.cpsa
Symbolic cryptographic protocol analyzer
pkgs.python312Packages.tapsaff
Provides an API for requesting information from taps-aff.co.uk
pkgs.python313Packages.tapsaff
Provides an API for requesting information from taps-aff.co.uk
pkgs.nodePackages.purescript-psa
Error/Warning reporting frontend for psc
pkgs.python312Packages.markupsafe
Implements a XML/HTML/XHTML Markup safe string
pkgs.python312Packages.psautohint
Script to normalize the XML and other data inside of a UFO
pkgs.python313Packages.markupsafe
Implements a XML/HTML/XHTML Markup safe string
pkgs.python313Packages.psautohint
Script to normalize the XML and other data inside of a UFO
pkgs.terraform-providers.vpsadmin
None
pkgs.nodePackages_latest.purescript-psa
Error/Warning reporting frontend for psc
pkgs.python312Packages.types-markupsafe
Typing stubs for MarkupSafe
pkgs.python313Packages.types-markupsafe
Typing stubs for MarkupSafe
pkgs.terraform-providers.vpsfreecz_vpsadmin
None