CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43378 – calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems
https://notcve.org/view.php?id=CVE-2024-43378
15 Aug 2024 — calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either `/` or `/boot` are unencrypted; have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin`, or in a CPIO archive attached to their N... • https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-vfxf-gpmj-2p25 • CWE-256: Plaintext Storage of a Password •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36476 – `calamares-nixos-extensions` LUKS keyfile exposure
https://notcve.org/view.php?id=CVE-2023-36476
29 Jun 2023 — calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixO... • https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •