CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45593 – Nix affected by unsafe NAR unpacking
https://notcve.org/view.php?id=CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. • https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59 https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45049 – Nix Hydra Missing authentication when triggering evaluations
https://notcve.org/view.php?id=CVE-2024-45049
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. • https://github.com/NixOS/hydra/security/advisories/GHSA-xv29-v93r-2f5v https://github.com/NixOS/nixpkgs/pull/337766 https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 https://mastodon.delroth.net/@delroth/113029832631860419 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43378 – calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems
https://notcve.org/view.php?id=CVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either `/` or `/boot` are unencrypted; have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin`, or in a CPIO archive attached to their NixOS initrd. `nixos-install` is not affected, nor are UEFI installations, nor was the default automatic partitioning configuration on legacy BIOS systems. The problem has been fixed in calamares-nixos-extensions 0.3.17, which was included in NixOS. The current installer images for the NixOS 24.05 and unstable (24.11) channels are unaffected. • https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-vfxf-gpmj-2p25 https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww https://github.com/NixOS/calamares-nixos-extensions/pull/43 https://github.com/NixOS/nixpkgs/pull/331607 https://github.com/NixOS/nixpkgs/pull/334252 • CWE-256: Plaintext Storage of a Password •
CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38531 – Nix sandbox escape
https://notcve.org/view.php?id=CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. Nix es un administrador de paquetes para Linux y otros sistemas Unix que hace que la administración de paquetes sea confiable y reproducible. • https://github.com/NixOS/nix/pull/10501 https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5 • CWE-278: Insecure Preserved Inherited Permissions •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32657 – Hydra has persistent XSS vulnerability serving HTML build outputs
https://notcve.org/view.php?id=CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. • https://github.com/NixOS/hydra/commit/b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3 https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx https://github.com/NixOS/nixpkgs/pull/306017 https://github.com/NixOS/nixpkgs/pull/306018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •