Nixpkgs security tracker
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.
References
Affected products
- ==All versions prior to 2026.1
Matching in nixpkgs
pkgs.mopsa
Modular and Open Platform for Static Analysis using Abstract Interpretation
pkgs.sipsak
SIP Swiss army knife
pkgs.sharpsat-td
Fast solver for the #SAT model counting problem
-
nixos-unstable 0-unstable-2021-09-05
- nixpkgs-unstable 0-unstable-2021-09-05
- nixos-unstable-small 0-unstable-2021-09-05
-
nixos-25.11 0-unstable-2021-09-05
- nixpkgs-25.11-darwin 0-unstable-2021-09-05
pkgs.purescript-psa
Error/Warning reporting frontend for psc
pkgs.svndumpsanitizer
Alternative to svndumpfilter that discovers which nodes should actually be kept
pkgs.phpPackages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.ocamlPackages.mopsa
Modular and Open Platform for Static Analysis using Abstract Interpretation
pkgs.php82Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.php83Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.php84Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.haskellPackages.cpsa
Symbolic cryptographic protocol analyzer
pkgs.python312Packages.tapsaff
Provides an API for requesting information from taps-aff.co.uk
pkgs.python313Packages.tapsaff
Provides an API for requesting information from taps-aff.co.uk
pkgs.nodePackages.purescript-psa
Error/Warning reporting frontend for psc
pkgs.python312Packages.markupsafe
Implements a XML/HTML/XHTML Markup safe string
pkgs.python312Packages.psautohint
Script to normalize the XML and other data inside of a UFO
pkgs.python313Packages.markupsafe
Implements a XML/HTML/XHTML Markup safe string
pkgs.python313Packages.psautohint
Script to normalize the XML and other data inside of a UFO
pkgs.terraform-providers.vpsadmin
None
pkgs.nodePackages_latest.purescript-psa
Error/Warning reporting frontend for psc
pkgs.python312Packages.types-markupsafe
Typing stubs for MarkupSafe
pkgs.python313Packages.types-markupsafe
Typing stubs for MarkupSafe
pkgs.terraform-providers.vpsfreecz_vpsadmin
None
Package maintainers
-
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
-
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
-
@nim65s Guilhem Saurel <guilhem.saurel@laas.fr>
-
@risicle Robert Scott <code@humanleg.org.uk>
-
@sheenobu Sheena Artrip <sheena.artrip@gmail.com>
-
@lafrenierejm Joseph LaFreniere <joseph@lafreniere.xyz>
-
@patka-123 patka <patka@patka.dev>
-
@JamieMagee Jamie Magee <jamie.magee@gmail.com>