Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-52623

3.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 2 weeks ago
@jopejoe1 removed
15 packages
- python312Packages.aionut
- python313Packages.aionut
- python314Packages.aionut
- python312Packages.aiontfy
- python313Packages.aiontfy
- python314Packages.aiontfy
- python312Packages.aionotion
- python313Packages.aionotion
- python314Packages.aionotion
- python312Packages.aionanoleaf
- python313Packages.aionanoleaf
- python314Packages.aionanoleaf
- python312Packages.electrum-aionostr
- python313Packages.electrum-aionostr
- python314Packages.electrum-aionostr
1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Affected products

AION

==2.0

Not present in nixpkgs

Suggestion detail

References

Affected products