Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: typstPackages.minerva-thesis_0_2_0

Found 3 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-5780
updated 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 week ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 week ago
Multiple vulnerabilities in MphRx's Minerva

An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authenticated user can access the data of other registered users simply by modifying the ID. This allows an attacker to obtain a list of users.

Affected products

Minerva
  • ==3.6.0

Matching in nixpkgs

pkgs.typstPackages.minerva-thesis

Doctoral and master's theses following guidelines at Ghent University and providing some additional functions and features

pkgs.typstPackages.minerva-report-fcfm_0_1_0

Template para crear artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM), pero puede ser personalizado para cualquier universidad

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-5781
updated 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 week ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 week ago
Multiple vulnerabilities in MphRx's Minerva

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.

Affected products

Minerva
  • ==3.6.0

Matching in nixpkgs

pkgs.typstPackages.minerva-thesis

Doctoral and master's theses following guidelines at Ghent University and providing some additional functions and features

pkgs.typstPackages.minerva-report-fcfm_0_1_0

Template para crear artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM), pero puede ser personalizado para cualquier universidad

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-5779
updated 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 week ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 week ago
Multiple vulnerabilities in MphRx's Minerva

An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.

Affected products

Minerva
  • ==3.6.0

Matching in nixpkgs

pkgs.typstPackages.minerva-thesis

Doctoral and master's theses following guidelines at Ghent University and providing some additional functions and features

pkgs.typstPackages.minerva-report-fcfm_0_1_0

Template para crear artículos, informes y tareas para la Facultad de Ciencias Físicas y Matemáticas (FCFM), pero puede ser personalizado para cualquier universidad

Package maintainers