Nixpkgs security tracker

Untriaged

Permalink CVE-2024-4982

7.6 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 11 months ago

Pagure: path traversal in view_issue_raw_file()

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.

References

https://access.redhat.com/security/cve/CVE-2024-4982 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2279411
RHBZ#2280726 x_refsource_REDHATissue-tracking
https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0

Affected products

pagure

<5.14.1

Matching in nixpkgs

pkgs.haskellPackages.pagure

Pagure REST client library

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2

pkgs.haskellPackages.pagure-cli

Pagure client

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.pagure

pkgs.haskellPackages.pagure-cli