Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-22723
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks, 1 day ago by @mweinelt Activity log
  • Created automatic suggestion 2 weeks, 3 days ago
  • @mweinelt removed
    23 packages
    • rubyPackages.cf-uaac
    • rubyPackages.cf-uaa-lib
    • haskellPackages.quaalude
    • rubyPackages_3_1.cf-uaac
    • rubyPackages_3_2.cf-uaac
    • rubyPackages_3_3.cf-uaac
    • rubyPackages_3_4.cf-uaac
    • rubyPackages_4_0.cf-uaac
    • typstPackages.touying-buaa
    • rubyPackages_3_1.cf-uaa-lib
    • rubyPackages_3_2.cf-uaa-lib
    • rubyPackages_3_3.cf-uaa-lib
    • rubyPackages_3_4.cf-uaa-lib
    • rubyPackages_4_0.cf-uaa-lib
    • typstPackages.modern-buaa-thesis
    • typstPackages.touying-buaa_0_1_0
    • typstPackages.touying-buaa_0_2_0
    • typstPackages.buaa-unofficial-gradient
    • typstPackages.modern-buaa-thesis_0_1_0
    • typstPackages.modern-buaa-thesis_0_1_1
    • typstPackages.modern-buaa-thesis_0_1_2
    • typstPackages.modern-buaa-thesis_0_2_0
    • typstPackages.buaa-unofficial-gradient_0_1_0
    2 weeks, 1 day ago
  • @mweinelt dismissed 2 weeks, 1 day ago
UAA User Token Revocation logic error

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

References

Affected products

UAA
  • =<v78.7.0
Ignored packages (23) 
Not in nixpkgs