Nixpkgs security tracker

Permalink CVE-2025-68508

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 months, 4 weeks ago

WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.

References

Affected products

brave-popup-builder

=<<= 0.8.3

Matching in nixpkgs

pkgs.brave

Privacy-oriented browser for Desktop and Laptop computers

nixos-unstable 1.81.131
- nixpkgs-unstable 1.81.131
- nixos-unstable-small 1.81.131
nixos-25.11 1.85.118
- nixpkgs-25.11-darwin 1.85.117

Package maintainers

@uskudnik Urban Skudnik <urban.skudnik@gmail.com>
@buckley310 Sean Buckley <sean.bck@gmail.com>
@matteo-pacini Matteo Pacini <m@matteopacini.me>
@rht rht <rhtbot@protonmail.com>
@nasirhm Nasir Hussain <nasirhussainm14@gmail.com>
@JeffLabonte Jean-François Labonté <jean-francois.labonte@brightonlabs.ai>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.brave

Package maintainers