9.3 CRITICAL
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): High (H)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): High (H)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Rejetto HFS < 3.2.1 Session Forgery via Predictable Signing Key
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's state, recover the signing key, and forge a valid administrator session cookie, leading to full administrative access and remote code execution via the server_code configuration feature.
References
-
-
https://www.vulncheck.com/advisories/rejetto-hfs-session-forgery-via-predictabl… third-party-advisory
Affected products
- <3.2.1
Matching in nixpkgs
pkgs.hfst
FST language processing library
pkgs.sshfs
FUSE-based filesystem that allows remote filesystems to be mounted over SSH
pkgs.hfsprogs
HFS/HFS+ user space utils
-
nixos-unstable 627.40.1-linux
- nixpkgs-unstable 627.40.1-linux
- nixos-unstable-small 627.40.1-linux
-
nixos-26.05 627.40.1-linux
- nixos-26.05-small 627.40.1-linux
- nixpkgs-26.05-darwin 627.40.1-linux
pkgs.hfsutils
Tools for reading and writing Macintosh volumes
pkgs.sshfs-fuse
FUSE-based filesystem that allows remote filesystems to be mounted over SSH
pkgs.hfst-ospell
HFST spell checker library and command line tool
pkgs.squashfsTools
Tool for creating and unpacking squashfs filesystems
pkgs.squashfs-tools-ng
None
pkgs.yaziPlugins.sshfs
Minimal SSHFS integration for the Yazi terminal file‑manager
pkgs.python313Packages.hfst
Python bindings for HFST
pkgs.python314Packages.hfst
Python bindings for HFST
pkgs.python313Packages.sshfs
SSH/SFTP implementation for fsspec
pkgs.python314Packages.sshfs
SSH/SFTP implementation for fsspec
pkgs.haskellPackages.hinotify
File/folder watching for OS X
pkgs.haskellPackages.hfsevents
File/folder watching for OS X
pkgs.python313Packages.dissect-squashfs
Dissect module implementing a parser for the SquashFS file system
Package maintainers
-
@Lurkki14 Jussi Kuokkanen <jussi.kuokkanen@protonmail.com>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@ruuda Ruud van Asseldonk <dev+nix@veniogames.com>
-
@Ilosariph Simon Wick <simon@simon-wick.ch>