Nixpkgs security tracker
Permalink
CVE-2025-49974
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @fricklerhandwerk Activity log
- Created automatic suggestion
- @fricklerhandwerk dismissed
WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0.
References
Affected products
upstream
- =<2.1.0
Matching in nixpkgs
pkgs.git-upstream
Shortcut for `git push --set-upstream`
pkgs.lomiri.qtmir
QPA plugin to make Qt a Mir server
-
nixos-unstable 0.8.0-unstable-2024-03-06
- nixpkgs-unstable 0.8.0-unstable-2024-03-06
- nixos-unstable-small 0.8.0-unstable-2024-03-06
pkgs.emacsPackages.melpa-upstream-visit
None
-
nixos-unstable 20130720.1033
- nixpkgs-unstable 20130720.1033
- nixos-unstable-small 20130720.1033
pkgs.tests.haskell.upstreamStackHpackVersion
Test that the stack in Nixpkgs uses the same version of Hpack as the upstream stack release
Package maintainers
-
@9999years Rebecca Turner <rbt@fastmail.com>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@cdepillabout Dennis Gosnell <cdep.illabout@gmail.com>