Nixpkgs security tracker
2.9 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any …
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
References
Affected products
- <1.20.4
- <1.21.1
Matching in nixpkgs
pkgs.xdg-desktop-portal
Desktop integration portals for sandboxed apps
pkgs.xdg-desktop-portal-gtk
Desktop integration portals for sandboxed apps
pkgs.xdg-desktop-portal-wlr
xdg-desktop-portal backend for wlroots
pkgs.xdg-desktop-portal-xapp
Backend implementation for xdg-desktop-portal for Cinnamon, MATE, Xfce
pkgs.xdg-desktop-portal-gnome
Backend implementation for xdg-desktop-portal for the GNOME desktop environment
pkgs.xdg-desktop-portal-phosh
A backend implementation for xdg-desktop-portal that is using GTK/GNOME/Phosh to provide interfaces that aren't provided by the GTK portal
pkgs.xdg-desktop-portal-shana
Filechooser portal backend for any desktop environment
pkgs.xdg-desktop-portal-cosmic
XDG Desktop Portal for the COSMIC Desktop Environment
pkgs.xdg-desktop-portal-hyprland
xdg-desktop-portal backend for Hyprland
pkgs.xdg-desktop-portal-luminous
xdg-desktop-portal backend for wlroots based compositors, providing screenshot and screencast
pkgs.lxqt.xdg-desktop-portal-lxqt
Backend implementation for xdg-desktop-portal that is using Qt/KF5/libfm-qt
pkgs.kdePackages.xdg-desktop-portal-kde
A backend implementation for xdg-desktop-portal that is using Qt/KDE
pkgs.xdg-desktop-portal-termfilechooser
xdg-desktop-portal backend for choosing files with your favorite file chooser
Package maintainers
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@K900 Ilya K. <me@0upti.me>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@davidak David Kleuker <post@davidak.de>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@HeitorAugustoLN Heitor Augusto <nixpkgs.woven713@passmail.net>
-
@nyabinary Niko Cantero <nyanbinary@keemail.me>
-
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
-
@thefossguy Pratham Patel <prathampatel@thefossguy.com>
-
@drakon64 Evelyn Chance <nixpkgs@drakon.cloud>
-
@michaelBelsanti Mike Belsanti <mbels03@protonmail.com>
-
@ahoneybun Aaron Honeycutt <aaronhoneycutt@proton.me>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@khaneliman Austin Horstman <khaneliman12@gmail.com>
-
@NotAShelf NotAShelf <raf@notashelf.dev>
-
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
-
@donovanglover Donovan Glover
-
@fufexan Fufezan Mihai <fufexan@protonmail.com>
-
@Rishik-Y Rishik Yalamanchili <202301258@daiict.ac.in>
-
@ArmelClo Armel Cloarec <armel@armelclo.fr>
-
@SamueleFacenda Samuele Facenda <samuele.facenda@gmail.com>
-
@Gliczy Gliczy
-
@L-Trump Luo Chen <ltrump@163.com>
-
@body20002 Abdallah Gamal <body20002.test@gmail.com>
-
@minijackson Rémi Nicole <minijackson@riseup.net>
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>