Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-49974

updated 7 months, 1 week ago by @fricklerhandwerk Activity log

Created automatic suggestion 7 months, 1 week ago
@fricklerhandwerk dismissed 7 months, 1 week ago

WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0.

Affected products

upstream

=<2.1.0

Matching in nixpkgs

pkgs.git-upstream

Shortcut for `git push --set-upstream`

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.05 -
- nixos-25.05-small 1.6.0

pkgs.lomiri.qtmir

QPA plugin to make Qt a Mir server

nixos-unstable 0.8.0-unstable-2024-03-06
- nixpkgs-unstable 0.8.0-unstable-2024-03-06
- nixos-unstable-small 0.8.0-unstable-2024-03-06
nixos-25.05 -
- nixos-25.05-small 0.8.0-unstable-2024-03-06

pkgs.emacsPackages.melpa-upstream-visit

None

nixos-unstable 20130720.1033
- nixpkgs-unstable 20130720.1033
- nixos-unstable-small 20130720.1033

pkgs.tests.haskell.upstreamStackHpackVersion

Test that the stack in Nixpkgs uses the same version of Hpack as the upstream stack release

nixos-unstable 3.5.1-hpack-0.38.0-3c7ec163b41accac6cb7904ba3906e269b503777a3171d9b8694f0f0fb592a57
- nixpkgs-unstable 3.5.1-hpack-0.38.0-3c7ec163b41accac6cb7904ba3906e269b503777a3171d9b8694f0f0fb592a57
- nixos-unstable-small 3.5.1-hpack-0.38.0-3c7ec163b41accac6cb7904ba3906e269b503777a3171d9b8694f0f0fb592a57
nixos-25.05 -
- nixos-25.05-small 3.5.1-hpack-0.38.0-3c7ec163b41accac6cb7904ba3906e269b503777a3171d9b8694f0f0fb592a57

Package maintainers

@9999years Rebecca Turner <rbt@fastmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@cdepillabout Dennis Gosnell <cdep.illabout@gmail.com>