8.3 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): Low (L)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces
Plane is an open-source project management tool. Prior to version 1.3.1, a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1.
References
- https://github.com/makeplane/plane/security/advisories/GHSA-qw87-v5w3-6vxx (x_refsource_CONFIRM, exploit)
- https://github.com/makeplane/plane/releases/tag/v1.3.1 (x_refsource_MISC)
Affected products
- < 1.3.1
Matching in nixpkgs
pkgs.xplanet
Renders an image of the earth or other planets into the X root window
pkgs.freeplane
Mind-mapping software
pkgs.headplane
Feature-complete Web UI for Headscale
pkgs.m2-planet
PLAtform NEutral Transpiler
pkgs.crossplane
NGINX configuration file parser and builder
pkgs.microplane
CLI tool to make git changes across many repos
pkgs.invoiceplane
Self-hosted open source application for managing your invoices, clients and payments
pkgs.m2-mesoplanet
Macro Expander Saving Our m2-PLANET
pkgs.crossplane-cli
Utility to make using Crossplane easier
pkgs.headplane-agent
Optional sidecar process providing additional features for headplane
pkgs.biplanes-revival
Old cellphone arcade recreated for PC
pkgs.planetary_annihilation
Next-generation RTS that takes the genre to a planetary scale
pkgs.perlPackages.MathPlanePath
Points on a path through the 2-D plane
pkgs.perl5Packages.MathPlanePath
Points on a path through the 2-D plane
pkgs.dprint-plugins.g-plane-malva
CSS, SCSS, Sass and Less formatter
pkgs.python313Packages.crossplane
NGINX configuration file parser and builder
pkgs.python314Packages.crossplane
NGINX configuration file parser and builder
pkgs.dprint-plugins.g-plane-markup_fmt
HTML, Vue, Svelte, Astro, Angular, Jinja, Twig, Nunjucks, and Vento formatter
pkgs.dprint-plugins.g-plane-pretty_yaml
YAML formatter
pkgs.python313Packages.envoy-data-plane
Python dataclasses for the Envoy Data-Plane-API
pkgs.python314Packages.envoy-data-plane
Python dataclasses for the Envoy Data-Plane-API
pkgs.python313Packages.planetary-computer
Planetary Computer SDK for Python
- nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0
- nixos-26.05 1.0.0.post0
- nixos-26.05-small 1.0.0.post0
- nixpkgs-26.05-darwin 1.0.0.post0
pkgs.python314Packages.planetary-computer
Planetary Computer SDK for Python
- nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0
- nixos-26.05 1.0.0.post0
- nixos-26.05-small 1.0.0.post0
- nixpkgs-26.05-darwin 1.0.0.post0
pkgs.dprint-plugins.g-plane-pretty_graphql
GraphQL formatter
pkgs.azure-cli-extensions.planetarycomputer
Microsoft Azure Command-Line Tools Planetary Computer Extension
pkgs.haskellPackages.amazonka-iot-dataplane
Amazon IoT Data Plane SDK
- nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
- nixos-26.05 2.0-unstable-2025-04-16
- nixos-26.05-small 2.0-unstable-2025-04-16
- nixpkgs-26.05-darwin 2.0-unstable-2025-04-16
pkgs.python313Packages.greenplanet-energy-api
Async Python library for querying the Green Planet Energy API
pkgs.python314Packages.greenplanet-energy-api
Async Python library for querying the Green Planet Energy API
pkgs.haskellPackages.amazonka-iot-jobs-dataplane
Amazon IoT Jobs Data Plane SDK
- nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
- nixos-26.05 2.0-unstable-2025-04-16
- nixos-26.05-small 2.0-unstable-2025-04-16
- nixpkgs-26.05-darwin 2.0-unstable-2025-04-16
pkgs.vscode-extensions.gplane.wasm-language-tools
Language support of WebAssembly
pkgs.haskellPackages.amazonka-mediastore-dataplane
Amazon Elemental MediaStore Data Plane SDK
- nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
- nixos-26.05 2.0-unstable-2025-04-16
- nixos-26.05-small 2.0-unstable-2025-04-16
- nixpkgs-26.05-darwin 2.0-unstable-2025-04-16
Package maintainers
- @katexochen Paul Meyer <katexochen0@gmail.com>
- @KAction Dmitry Bogatov <KAction@disroot.org>
- @LorenzBischof Lorenz Bischof <nix@lorenzbischof.ch>
- @selfuryon Sergei Iakovlev <siakovlev@pm.me>
- @phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
- @charles-dyfis-net Charles Duffy <charles@dyfis.net>
- @StealthBadger747 Erik Parawell <parawell.erik@gmail.com>
- @igor-ramazanov Igor Ramazanov <personal@igorramazanov.tech>
- @onny Jonas Heinrich <onny@project-insanity.org>
- @alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
- @emilytrau Emily Trau <emily+nix@downunderctf.com>
- @Artturin Artturi N <artturin@artturin.com>
- @Gskartwii Aleksi Hannula <ahannula4@gmail.com>
- @06kellyjac Jack <hello+nixpkgs@j-k.io>
- @pyrox0 Pyrox <pyrox@pyrox.dev>
- @Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
- @siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
- @dbirks David Birks <david@birks.dev>
- @GaetanLepage Gaetan Lepage <gaetan@glepage.com>
- @JamieMagee Jamie Magee <jamie.magee@gmail.com>
- @daspk04 Pratyush Das <dpratyush.k@gmail.com>
- @samestep Sam Estep <sam@samestep.com>
- @Lassulus Lassulus <lassulus@gmail.com>