Nixpkgs security tracker
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
Multiple vulnerabilities in MphRx's Minerva
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.
Affected products
- ==3.6.0
Matching in nixpkgs
pkgs.typstPackages.minerva-thesis
Doctoral and master's theses following guidelines at Ghent University and providing some additional functions and features
pkgs.typstPackages.minerva-report-fcfm
Template de artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM
pkgs.typstPackages.minerva-thesis_0_1_3
Theses following guidelines at Ghent University and with some additional functions and features
pkgs.typstPackages.minerva-thesis_0_2_0
Doctoral and master's theses with both Ghent University specific and generic features
pkgs.typstPackages.minerva-thesis_0_2_1
Doctoral and master's theses following guidelines at Ghent University and providing some additional functions and features
pkgs.typstPackages.minerva-report-fcfm_0_1_0
Template para crear artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM), pero puede ser personalizado para cualquier universidad
pkgs.typstPackages.minerva-report-fcfm_0_2_0
Template de artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM
pkgs.typstPackages.minerva-report-fcfm_0_2_1
Template de artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM
Package maintainers
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang