Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-52633

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 2 weeks ago
@jopejoe1 removed
15 packages
- python312Packages.aionut
- python313Packages.aionut
- python314Packages.aionut
- python312Packages.aiontfy
- python313Packages.aiontfy
- python314Packages.aiontfy
- python312Packages.aionotion
- python313Packages.aionotion
- python314Packages.aionotion
- python312Packages.aionanoleaf
- python313Packages.aionanoleaf
- python314Packages.aionanoleaf
- python312Packages.electrum-aionostr
- python313Packages.electrum-aionostr
- python314Packages.electrum-aionostr
1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Affected products

AION

==2.0

Not present in nixpkgs

Suggestion detail

References

Affected products