8.7 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 2 packages
- ympd
- mpdas
- @LeSuisse ignored reference https://w…
- @LeSuisse ignored 45 packages
- mympd
- rtmpdump
- mpd-mpris
- mpd-small
- mpdecimal
- termpdfpy
- mopidy-mpd
- mpdris2-rs
- pam_tmpdir
- mpdscribble
- mpdcron
- mpdris2
- rofi-mpd
- dash-mpd-cli
- libmpdclient
- mpd-discord-rpc
- rtmpdump_gnutls
- listenbrainz-mpd
- mpd-notification
- perlPackages.NetMPD
- mpd-touch-screen-gui
- perl5Packages.NetMPD
- haskellPackages.libmpd
- perl538Packages.NetMPD
- perl540Packages.NetMPD
- python312Packages.mpd2
- python313Packages.mpd2
- python314Packages.mpd2
- writableTmpDirAsHomeHook
- mopidyPackages.mopidy-mpd
- perlPackages.FileUtilTempdir
- perlPackages.TestTempDirTiny
- perl5Packages.FileUtilTempdir
- perl5Packages.TestTempDirTiny
- mpd-sima
- chickenPackages_5.chickenEggs.mpd-client
- home-assistant-component-tests.mpd
- haskellPackages.mpd-current-json
- perl540Packages.TestTempDirTiny
- perl540Packages.FileUtilTempdir
- perl538Packages.TestTempDirTiny
- libmpd
- perl538Packages.FileUtilTempdir
- haskellPackages.compdata-fixplate
- compdb
- @LeSuisse restored package mpd-small
- @LeSuisse accepted
- @LeSuisse published on GitHub
Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without canonicalization, allowing '..' segments to survive into the resolved path and be flattened by the kernel at openat() time. An unauthenticated attacker can exploit this flaw using the listfiles command to enumerate names, sizes, and modification times of arbitrary directories readable by the MPD process, and the albumart command to read image files in any attacker-chosen directory outside the configured music_directory.
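The description above hinges on one detail: the on-disk path is built by joining two strings, so a `..` segment in the URI is never seen by MPD and is only resolved by the kernel when the file is opened. The following added example (written for this page, not MPD's own code; the function and variable names are illustrative) puts the naive string join next to a hardened mapping that validates every URI segment before the join and then confirms, after lexical normalization, that the result is still under the storage root:

```cpp
#include <filesystem>
#include <optional>
#include <string>
#include <string_view>

namespace fs = std::filesystem;

// The defect the advisory describes: root and URI are concatenated as plain
// strings, so any ".." segments survive into the path handed to openat().
std::string NaiveMap(const std::string &root, std::string_view uri) {
    return root + "/" + std::string(uri);
}

// Hardened form, step 1: a storage URI must be a plain relative path whose
// segments are all real names. Absolute paths, empty segments (including a
// trailing slash), ".", ".." and embedded NUL bytes are all rejected.
bool IsSafeRelativeUri(std::string_view uri) {
    if (uri.empty() || uri.front() == '/')
        return false;
    std::size_t start = 0;
    while (start <= uri.size()) {
        std::size_t end = uri.find('/', start);
        if (end == std::string_view::npos)
            end = uri.size();
        std::string_view seg = uri.substr(start, end - start);
        if (seg.empty() || seg == "." || seg == "..")
            return false;
        if (seg.find('\0') != std::string_view::npos)
            return false;
        start = end + 1;
    }
    return true;
}

// Hardened form, step 2: join, normalize lexically, and confirm the result is
// still inside the root. Returns std::nullopt when the URI would escape.
// (Illustrative helper; MPD's real mapping functions are not shown here.)
std::optional<std::string> SafeMap(const std::string &root, std::string_view uri) {
    if (!IsSafeRelativeUri(uri))
        return std::nullopt;
    const fs::path base = fs::path(root).lexically_normal();
    const fs::path full = (base / fs::path(std::string(uri))).lexically_normal();
    // lexically_relative yields a path starting with ".." if full is outside base.
    const fs::path rel = full.lexically_relative(base);
    if (rel.empty() || *rel.begin() == fs::path(".."))
        return std::nullopt;
    return full.string();
}
```

`NaiveMap("/var/lib/mpd/music", "../../../etc")` returns the literal string `/var/lib/mpd/music/../../../etc`, which the kernel happily flattens to `/etc`; `SafeMap` rejects the same input before any file operation. The lexical check closes the defect described here (no canonicalization of the joined string); it does not address symlinks already present inside the music directory, which remain a separate policy decision for the daemon's configuration.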
References
- https://mstreet97.github.io/security-research/opensource/vulnerability-disclosu… technical-description, exploit
- https://github.com/MusicPlayerDaemon/MPD/issues/2484 issue-tracking
Ignored references (1)
- https://www.vulncheck.com/advisories/music-player-daemon-path-traversal-via-loc… third-party-advisory
Affected products
- <0.24.11
Matching in nixpkgs
pkgs.mpd
Flexible, powerful daemon for playing music
Ignored packages (46)
pkgs.ympd
Standalone MPD Web GUI written in C, utilizing Websockets and Bootstrap/JS
pkgs.mpdas
Music Player Daemon AudioScrobbler
pkgs.mympd
Standalone and mobile friendly web mpd client with a tiny footprint and advanced features
pkgs.compdb
Command line tool to manipulate compilation databases
pkgs.libmpd
Higher level access to MPD functions
pkgs.mpdcron
Cron like daemon for mpd
pkgs.mpdris2
MPRIS 2 support for mpd
pkgs.mpd-sima
Autoqueuing mpd client
pkgs.rofi-mpd
Rofi menu for interacting with MPD written in Python
pkgs.rtmpdump
Toolkit for RTMP streams
pkgs.mpd-mpris
Implementation of the MPRIS protocol for MPD
pkgs.mpdecimal
Library for arbitrary precision decimal floating point arithmetic
pkgs.termpdfpy
A graphical pdf (and epub, cbz, ...) reader that works inside the kitty terminal.
- nixos-unstable 2022-03-28
- nixpkgs-unstable 2022-03-28
- nixos-unstable-small 2022-03-28
- nixos-25.11 2022-03-28
- nixos-25.11-small 2022-03-28
- nixpkgs-25.11-darwin 2022-03-28
pkgs.mopidy-mpd
Mopidy extension for controlling playback from MPD clients
pkgs.mpdris2-rs
Exposing MPRIS V2.2 D-Bus interface for MPD
pkgs.pam_tmpdir
PAM module for creating safe per-user temporary directories
pkgs.mpdscribble
MPD client which submits info about tracks being played to a scrobbler
pkgs.dash-mpd-cli
Download media content from a DASH-MPEG or DASH-WebM MPD manifest
pkgs.libmpdclient
Client library for MPD (music player daemon)
pkgs.mpd-discord-rpc
Rust application which displays your currently playing song / album / artist from MPD in Discord using Rich Presence
pkgs.rtmpdump_gnutls
Toolkit for RTMP streams
pkgs.listenbrainz-mpd
ListenBrainz submission client for MPD
pkgs.mpd-notification
Notifications for mpd
pkgs.perlPackages.NetMPD
Communicate with an MPD server
pkgs.mpd-touch-screen-gui
Small MPD client that lets you view covers and has controls suitable for small touchscreens
- nixos-unstable 2022-12-30
- nixpkgs-unstable 2022-12-30
- nixos-unstable-small 2022-12-30
- nixos-25.11 2022-12-30
- nixos-25.11-small 2022-12-30
- nixpkgs-25.11-darwin 2022-12-30
pkgs.perl5Packages.NetMPD
Communicate with an MPD server
pkgs.haskellPackages.libmpd
An MPD client library
pkgs.perl538Packages.NetMPD
Communicate with an MPD server
pkgs.perl540Packages.NetMPD
Communicate with an MPD server
pkgs.python312Packages.mpd2
Python client module for the Music Player Daemon
- nixos-25.11 mpd2-3.1.1
- nixos-25.11-small mpd2-3.1.1
- nixpkgs-25.11-darwin mpd2-3.1.1
pkgs.python313Packages.mpd2
Python client module for the Music Player Daemon
- nixos-unstable mpd2-3.1.2
- nixpkgs-unstable mpd2-3.1.2
- nixos-unstable-small mpd2-3.1.2
- nixos-25.11 mpd2-3.1.1
- nixos-25.11-small mpd2-3.1.1
- nixpkgs-25.11-darwin mpd2-3.1.1
pkgs.python314Packages.mpd2
Python client module for the Music Player Daemon
- nixos-unstable mpd2-3.1.2
- nixpkgs-unstable mpd2-3.1.2
- nixos-unstable-small mpd2-3.1.2
pkgs.writableTmpDirAsHomeHook
pkgs.mopidyPackages.mopidy-mpd
Mopidy extension for controlling playback from MPD clients
pkgs.perlPackages.FileUtilTempdir
Cross-platform way to get system-wide & user private temporary directory
pkgs.perlPackages.TestTempDirTiny
Temporary directories that stick around when tests fail
pkgs.perl5Packages.FileUtilTempdir
Cross-platform way to get system-wide & user private temporary directory
pkgs.perl5Packages.TestTempDirTiny
Temporary directories that stick around when tests fail
pkgs.perl538Packages.FileUtilTempdir
Cross-platform way to get system-wide & user private temporary directory
pkgs.perl538Packages.TestTempDirTiny
Temporary directories that stick around when tests fail
pkgs.perl540Packages.FileUtilTempdir
Cross-platform way to get system-wide & user private temporary directory
pkgs.perl540Packages.TestTempDirTiny
Temporary directories that stick around when tests fail
pkgs.haskellPackages.mpd-current-json
Print current MPD song and status as JSON
pkgs.haskellPackages.compdata-fixplate
Compdata basics implemented on top of Fixplate
pkgs.home-assistant-component-tests.mpd
Open source home automation that puts local control and privacy first