Nixpkgs Security Tracker

Suggestions search

With package: tuleap-cli

Found 3 matching suggestions

Dismissed
updated 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Tuleap is missing CSRF protection in the Overview inconsistent items

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

Affected products

tuleap
  • < 17.0.99.1768924735

Matching in nixpkgs

Package maintainers

False positive, impacts `tuleap` (not a package in nixpkgs), not `tuleap-cli`
Untriaged
created 4 months, 3 weeks ago
JBoss EAP: OIDC app attempting to access the second tenant, the user should be prompted to log

A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new "provider-url" option in addition to the "realm" option.

Affected products

eap
wildfly
eap8-elytron-web
  • *
eap8-wildfly-elytron
  • *

Matching in nixpkgs

pkgs.reap

Run process until all its spawned processes are dead

pkgs.leaps

Pair programming tool and library written in Golang

  • nixos-unstable -

pkgs.reaper

Digital audio workstation

  • nixos-unstable -

pkgs.teapot

Table Editor And Planner, Or: Teapot

  • nixos-unstable -

pkgs.adreaper

Enumeration tool for Windows Active Directories

  • nixos-unstable -

pkgs.reaper-go

Application security testing framework

  • nixos-unstable -

pkgs.tuleap-cli

Command-line interface for the Tuleap API

  • nixos-unstable -

pkgs.libfreeaptx

Free Implementation of Audio Processing Technology codec (aptX)

  • nixos-unstable -

pkgs.python312Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.python313Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.gnomeExtensions.ideapad-controls

Control Lenovo IdeaPad laptops options: Conservation Mode, Camera Lock, Fn Lock, Touchpad Lock, USB charging

  • nixos-unstable -
    • nixpkgs-unstable 3

Package maintainers

Untriaged
created 4 months, 3 weeks ago
JBoss EAP: wildfly-elytron has an SSRF security issue

A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks the jku header and sends an HTTP request. During this process, no whitelisting or other filtering is performed on the destination URL, which may result in a server-side request forgery (SSRF) vulnerability.

Affected products

eap
wildfly
  • <32.0.0.Final
eap7-netty
  • *
eap7-wss4j
  • *
eap7-wildfly
  • *
eap7-undertow
  • *
eap7-hibernate
  • *
eap7-apache-cxf
  • *
eap7-infinispan
  • *
eap7-hal-console
  • *
eap8-elytron-web
  • *
eap7-glassfish-el
  • *
eap7-jackson-core
  • *
eap7-xml-security
  • *
eap7-jboss-modules
  • *
eap7-jboss-metadata
  • *
eap7-wildfly-elytron
  • *
eap7-wildfly-openssl
  • *
eap8-wildfly-elytron
  • *
eap7-jackson-databind
  • *
eap7-jboss-ejb-client
  • *
eap7-wildfly-discovery
  • *
eap7-jackson-annotations
  • *
eap7-wildfly-http-client
  • *
eap7-jackson-modules-base
  • *
eap7-jackson-modules-java8
  • *
eap7-wildfly-naming-client
  • *
eap7-wildfly-openssl-linux
  • *
eap7-jboss-jsf-api_2.3_spec
  • *
eap7-jboss-server-migration
  • *
eap7-jackson-jaxrs-providers
  • *
eap7-wildfly-transaction-client
  • *
org.wildfly.security/wildfly-elytron
  • *

Matching in nixpkgs

pkgs.reap

Run process until all its spawned processes are dead

pkgs.leaps

Pair programming tool and library written in Golang

  • nixos-unstable -

pkgs.reaper

Digital audio workstation

  • nixos-unstable -

pkgs.teapot

Table Editor And Planner, Or: Teapot

  • nixos-unstable -

pkgs.adreaper

Enumeration tool for Windows Active Directories

  • nixos-unstable -

pkgs.reaper-go

Application security testing framework

  • nixos-unstable -

pkgs.tuleap-cli

Command-line interface for the Tuleap API

  • nixos-unstable -

pkgs.libfreeaptx

Free Implementation of Audio Processing Technology codec (aptX)

  • nixos-unstable -

pkgs.python312Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.python313Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.gnomeExtensions.ideapad-controls

Control Lenovo IdeaPad laptops options: Conservation Mode, Camera Lock, Fn Lock, Touchpad Lock, USB charging

  • nixos-unstable -
    • nixpkgs-unstable 3

Package maintainers