NIXPKGS-2025-0008
published 8 months, 1 week ago
CVE-2025-53882
9.1 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
by @Erethon
Activity log
- Created suggestion
- @Erethon accepted
- @Erethon published on GitHub
python-mailman's logrotate configuration allows potential escalation from mailman to root
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE's mailman3 package allows potential escalation from mailman to root. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.
Affected products
mailman3
- <3.3.10-2.1
Matching in nixpkgs
pkgs.python311Packages.django-mailman3
Django library for Mailman UIs
- nixos-unstable mailman3-1.3.15
- nixpkgs-unstable mailman3-1.3.15
- nixos-unstable-small mailman3-1.3.15
pkgs.python312Packages.django-mailman3
Django library for Mailman UIs
- nixos-unstable mailman3-1.3.15
- nixpkgs-unstable mailman3-1.3.15
- nixos-unstable-small mailman3-1.3.15
Package maintainers
- @alyssais Alyssa Ross <hi@alyssa.is>