Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-52608

3.1 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 2 weeks, 1 day ago by @LeSuisse Activity log

Created suggestion 2 weeks, 1 day ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago

HCL iControl was affected by Missing Cookie Attributes vulnerability.

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131061

Affected products

iControl

==4.0.0

Matching in nixpkgs

pkgs.python313Packages.f5-icontrol-rest

F5 BIG-IP iControl REST API client

nixos-unstable f5-icontrol-rest-1.3.16
- nixpkgs-unstable f5-icontrol-rest-1.3.16
- nixos-unstable-small f5-icontrol-rest-1.3.16
nixos-26.05 f5-icontrol-rest-1.3.16
- nixos-26.05-small f5-icontrol-rest-1.3.16
- nixpkgs-26.05-darwin f5-icontrol-rest-1.3.16

pkgs.python314Packages.f5-icontrol-rest