Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2025-24022

8.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 1 week ago
@LeSuisse ignored
11 packages
- nvitop
- psitop
- gitopper
- weave-gitops
- luaPackages.luabitop
- lua51Packages.luabitop
- lua52Packages.luabitop
- luajitPackages.luabitop
- tailscale-gitops-pusher
- python312Packages.anitopy
- python313Packages.anitopy
4 months, 1 week ago
@LeSuisse dismissed 4 months, 1 week ago

iTop server vulnerable to portal code injection

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

References

https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j x_refsource_CONFIRM
https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd x_refsource_MISC
https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e x_refsource_MISC
https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b x_refsource_MISC

Affected products

iTop

==< 2.7.12
==>= 3.0.0, < 3.1.3
==>= 3.2.0, < 3.2.1

Ignored packages (11)

pkgs.nvitop

Interactive NVIDIA-GPU process viewer, the one-stop solution for GPU process management

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0

pkgs.psitop

Top for /proc/pressure

nixos-unstable 1.1.3
- nixpkgs-unstable 1.1.3
- nixos-unstable-small 1.1.3

pkgs.gitopper

Gitops for non-Kubernetes folks

nixos-unstable 0.0.20
- nixpkgs-unstable 0.0.20
- nixos-unstable-small 0.0.20

pkgs.weave-gitops

Weave Gitops CLI

nixos-unstable 0.38.0
- nixpkgs-unstable 0.38.0
- nixos-unstable-small 0.38.0

pkgs.luaPackages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3

pkgs.lua51Packages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3

pkgs.lua52Packages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3

pkgs.luajitPackages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3

pkgs.tailscale-gitops-pusher

Allows users to use a GitOps flow for managing Tailscale ACLs

nixos-unstable 1.90.8
- nixpkgs-unstable 1.90.8
- nixos-unstable-small 1.90.8

pkgs.python312Packages.anitopy

Python library for parsing anime video filenames

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1

pkgs.python313Packages.anitopy

Python library for parsing anime video filenames

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1

Package not shipped in nixpkgs