Suggestions search

All statuses

Filter by:

With package: haskellPackages.distribution-nixpkgs

Found 2 matching suggestions

View:

Compact

Detailed

Dismissed

Permalink CVE-2026-25137

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 2 weeks ago by @Scrumplex Activity log

Created automatic suggestion 1 month, 2 weeks ago
@Scrumplex dismissed 1 month, 2 weeks ago

NixOs Odoo database and filestore publicly accessible with default odoo configuration

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store. Unauthorized access is evident from http requests. If kept, searching access logs and/or Odoos log for requests to /web/database can give indicators, if this has been actively exploited. The database manager is a featured intended for development and not meant to be publicly reachable. On other setups, a master password acts as 2nd line of defence. However, due to the nature of NixOS, Odoo is not able to modify its own configuration file and thus unable to persist the auto-generated password. This also applies when manually setting a master password in the web-UI. This means, the password is lost when restarting Odoo. When no password is set, the user is prompted to set one directly via the database manager. This requires no authentication or action by any authorized user or the system administrator. Thus, the database is effectively world readable by anyone able to reach Odoo. This vulnerability is fixed in 25.11 and 26.05.

References

https://github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6wv5-f3px x_refsource_CONFIRM
https://github.com/NixOS/nixpkgs/pull/485310 x_refsource_MISC
https://github.com/NixOS/nixpkgs/pull/485454 x_refsource_MISC
https://github.com/NixOS/nixpkgs/pull/485310 x_refsource_MISC
https://github.com/NixOS/nixpkgs/pull/485454 x_refsource_MISC
https://github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6wv5-f3px x_refsource_CONFIRM

Affected products

nixpkgs

==>= 21.11, < 25.11

Matching in nixpkgs

pkgs.manual

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.metrics

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tarball

Source distribution

nixos-unstable 25.11pre1234.abcdef
- nixpkgs-unstable 26.05pre1234.abcdef
- nixos-unstable-small 26.05pre1234.abcdef
nixos-25.11 -
- nixos-25.11-small 25.11pre1234.abcdef
- nixpkgs-25.11-darwin 25.11pre1234.abcdef

pkgs.unstable

Release-critical builds for the Nixpkgs unstable channel

nixos-unstable 25.11pre1234.abcdef
- nixpkgs-unstable 26.05pre1234.abcdef
- nixos-unstable-small 26.05pre1234.abcdef
nixos-25.11 -
- nixos-25.11-small 25.11pre1234.abcdef
- nixpkgs-25.11-darwin 25.11pre1234.abcdef

pkgs.lib-tests

None

nixos-unstable -
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.nixpkgs-fmt

Nix code formatter for nixpkgs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 -
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.nixpkgs-vet

Tool to vet (check) Nixpkgs, including its pkgs/by-name directory

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.11 -
- nixos-25.11-small 0.1.4
- nixpkgs-25.11-darwin 0.1.4

pkgs.nixpkgs-lint

A utility for Nixpkgs contributors to check Nixpkgs for common errors

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1
nixos-25.11 -
- nixos-25.11-small 1
- nixpkgs-25.11-darwin 1

pkgs.darwin-tested

Release-critical builds for the Nixpkgs darwin channel

nixos-unstable 25.11pre1234.abcdef
- nixpkgs-unstable 26.05pre1234.abcdef
- nixos-unstable-small 26.05pre1234.abcdef
nixos-25.11 -
- nixos-25.11-small 25.11pre1234.abcdef
- nixpkgs-25.11-darwin 25.11pre1234.abcdef

pkgs.dhall-nixpkgs

Convert Dhall projects to Nix packages

nixos-unstable 1.0.10
- nixpkgs-unstable 1.0.10
- nixos-unstable-small 1.0.10
nixos-25.11 -
- nixos-25.11-small 1.0.10
- nixpkgs-25.11-darwin 1.0.10

pkgs.nixpkgs-track

Track where Nixpkgs pull requests have reached

nixos-unstable 0.3.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 -
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.nixpkgs-manual

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0
nixos-25.11 -
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.release-checks

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 -
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.tests.lib-tests

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.nixpkgs-hammering

Set of nit-picky rules that aim to point out and explain common mistakes in nixpkgs package pull requests

nixos-unstable 0-unstable-2025-09-10
- nixpkgs-unstable 0-unstable-2025-09-10
- nixos-unstable-small 0-unstable-2025-09-10
nixos-25.11 -
- nixos-25.11-small 0-unstable-2025-09-10
- nixpkgs-25.11-darwin 0-unstable-2025-09-10

pkgs.nixpkgs-reviewFull

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0
nixos-25.11 -
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.nixpkgs-lint-community

Fast semantic linter for Nix using tree-sitter

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 -
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.tests.pkgs-lib.formats

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.nixpkgs-openjdk-updater

Updater for Nixpkgs OpenJDK packages

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 -
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python312Packages.nixpkgs

Allows to `from nixpkgs import` stuff in interactive Python sessions

pkgs.python313Packages.nixpkgs

Allows to `from nixpkgs import` stuff in interactive Python sessions

pkgs.haskellPackages.dhall-nixpkgs

Convert Dhall projects to Nix packages

nixos-unstable 1.0.10
- nixpkgs-unstable 1.0.10
- nixos-unstable-small 1.0.10
nixos-25.11 -
- nixos-25.11-small 1.0.10
- nixpkgs-25.11-darwin 1.0.10

pkgs.lixPackageSets.git.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0
nixos-25.11 -
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.python312Packages.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable 1.3.0
nixos-25.11 -
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.python313Packages.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 -
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.python314Packages.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable -
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.tests.trivial-builders.references

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.haskellPackages.distribution-nixpkgs

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1
- nixpkgs-unstable 1.7.1.1
- nixos-unstable-small 1.7.1.1
nixos-25.11 -
- nixos-25.11-small 1.7.1.1
- nixpkgs-25.11-darwin 1.7.1.1

pkgs.lixPackageSets.stable.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0
nixos-25.11 -
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.lixPackageSets.git.nixpkgs-reviewFull

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable -
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0

pkgs.lixPackageSets.lix_2_90.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

pkgs.lixPackageSets.lix_2_92.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

pkgs.lixPackageSets.lix_2_93.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable -
- nixos-unstable-small 3.6.0

pkgs.lixPackageSets.lix_2_94.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.6.0
nixos-25.11 -
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.python312Packages.nixpkgs-plugin-update

Library for updating plugin collections in Nixpkgs

nixos-unstable 0.1.0
nixos-25.11 -
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python313Packages.nixpkgs-plugin-update

Library for updating plugin collections in Nixpkgs

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 -
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python314Packages.nixpkgs-plugin-update

Library for updating plugin collections in Nixpkgs

nixos-unstable -
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.lixPackageSets.stable.nixpkgs-reviewFull

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable -
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0

pkgs.lixPackageSets.lix_2_93.nixpkgs-reviewFull

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable -
- nixos-unstable-small 3.6.0

pkgs.lixPackageSets.lix_2_94.nixpkgs-reviewFull

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable -
- nixpkgs-unstable 3.6.0

pkgs.python312Packages.nixpkgs-updaters-library

Boilerplate-less updater library for Nixpkgs ecosystems

pkgs.python313Packages.nixpkgs-updaters-library

Boilerplate-less updater library for Nixpkgs ecosystems

nixos-unstable 3.0.0
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 -
- nixos-25.11-small 3.0.0
- nixpkgs-25.11-darwin 3.0.0

pkgs.python314Packages.nixpkgs-updaters-library

Boilerplate-less updater library for Nixpkgs ecosystems

nixos-unstable -
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1

pkgs.vscode-extensions.b4dm4n.vscode-nixpkgs-fmt

None

nixos-unstable B4dM4n-nixpkgs-fmt-0.0.1
- nixpkgs-unstable B4dM4n-nixpkgs-fmt-0.0.1
- nixos-unstable-small B4dM4n-nixpkgs-fmt-0.0.1
nixos-25.11 -
- nixos-25.11-small B4dM4n-nixpkgs-fmt-0.0.1
- nixpkgs-25.11-darwin B4dM4n-nixpkgs-fmt-0.0.1

pkgs.haskellPackages.distribution-nixpkgs-unstable

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1-unstable-2025-11-11
- nixpkgs-unstable 1.7.1.1-unstable-2026-01-25
- nixos-unstable-small 1.7.1.1-unstable-2026-01-25
nixos-25.11 -
- nixos-25.11-small 1.7.1.1-unstable-2025-11-20
- nixpkgs-25.11-darwin 1.7.1.1-unstable-2025-11-20

Package maintainers

@Gabriella439 Gabriella Gonzalez <GenuineGabriella@gmail.com>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@figsoda figsoda <figsoda@pm.me>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@zimbatm zimbatm <zimbatm@zimbatm.com>
@edolstra Eelco Dolstra <edolstra+nixpkgs@gmail.com>
@Artturin Artturi N <artturin@artturin.com>
@emilazy Emily <nixpkgs@emily.moe>
@isabelroses Isabel Roses <isabel@isabelroses.com>
@uncenter uncenter <uncenter@uncenter.dev>
@willbush Will Bush <git@willbush.dev>
@philiptaron Philip Taron <philip.taron@gmail.com>
@t184256 Alexander Sosedkin <monk@unboiled.info>
@PerchunPak Perchun Pak <nixpkgs@perchun.it>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@ShamrockLee Yueh-Shun Li <shamrocklee@posteo.net>
@mdaniels5757 Michael Daniels <nix@mdaniels.me>
@teto Matthieu Coudron <mcoudron@hotmail.com>
@khaneliman Austin Horstman <khaneliman12@gmail.com>

This CVE was filed in Nixpkgs.

Untriaged

Permalink CVE-2025-24976

created 1 month, 3 weeks ago

Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a JSON web token (JWT). The issue lies in how the JSON web key (JWK) verification is performed. When a JWT contains a JWK header without a certificate chain, the code only checks if the KeyID (`kid`) matches one of the trusted keys, but doesn't verify that the actual key material matches. A fix for the issue is available at commit 5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd and expected to be a part of version 3.0.0-rc.3. There is no way to work around this issue without patching if the system requires token authentication.