CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Aug 2024 — calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer and used manual disk partitioning to create a setup where the system is booted via legacy BIOS rather than UEFI, some disk partitions are encrypted, but the partitions containing either `/` or `/boot` are unencrypted, have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin` or in a CPIO archive attached to their N... • https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-vfxf-gpmj-2p25 • CWE-256: Plaintext Storage of a Password

CVSS: 7.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Jun 2023 — calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical Calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/`, have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixO... • https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jul 2017 — NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. • http://openwall.com/lists/oss-security/2017/07/20/1 • CWE-295: Improper Certificate Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2017 — NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. • http://lists.science.uu.nl/pipermail/nix-dev/2017-April/023329.html