Nixpkgs security tracker

Permalink CVE-2024-12840

5.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 year, 3 months ago

Http proxies: satellite: service side request forgery in http proxies

A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.

References

https://access.redhat.com/security/cve/CVE-2024-12840 vdb-entryx_refsource_REDHAT
RHBZ#2333494 x_refsource_REDHATissue-tracking

Affected products

security

Matching in nixpkgs

pkgs.job-security

Job control from anywhere

nixos-unstable 0-unstable-2024-04-07
- nixpkgs-unstable 0-unstable-2024-04-07
- nixos-unstable-small 0-unstable-2024-04-07

pkgs.libmodsecurity

ModSecurity v3 library component.

nixos-unstable 3.0.13
- nixpkgs-unstable 3.0.13
- nixos-unstable-small 3.0.13

pkgs.xml-security-c

C++ Implementation of W3C security standards for XML

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.modsecurity-crs

The OWASP ModSecurity Core Rule Set is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls.

nixos-unstable 3.3.4
- nixpkgs-unstable 3.3.4
- nixos-unstable-small 3.3.4

pkgs.modsecurity_standalone

Open source, cross-platform web application firewall (WAF)

nixos-unstable 2.9.7
- nixpkgs-unstable 2.9.7
- nixos-unstable-small 2.9.7

pkgs.haskellPackages.hackage-security

Hackage security library

nixos-unstable 0.6.2.4
- nixpkgs-unstable 0.6.2.4
- nixos-unstable-small 0.6.2.4

pkgs.python311Packages.flask-security

Quickly add security features to your Flask application

nixos-unstable 5.5.2
- nixpkgs-unstable 5.5.2
- nixos-unstable-small 5.5.2

pkgs.python312Packages.flask-security

Quickly add security features to your Flask application

nixos-unstable 5.5.2
- nixpkgs-unstable 5.5.2
- nixos-unstable-small 5.5.2

pkgs.python311Packages.securityreporter

Python wrapper for the Reporter API

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.python312Packages.securityreporter

Python wrapper for the Reporter API

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.haskellPackages.amazonka-securityhub

Amazon SecurityHub SDK

nixos-unstable 2.0
- nixpkgs-unstable 2.0
- nixos-unstable-small 2.0

pkgs.haskellPackages.amazonka-securitylake

Amazon Security Lake SDK

nixos-unstable 2.0
- nixpkgs-unstable 2.0
- nixos-unstable-small 2.0

pkgs.haskellPackages.hackage-security-HTTP

Hackage security bindings against the HTTP library

nixos-unstable 0.1.1.2
- nixpkgs-unstable 0.1.1.2
- nixos-unstable-small 0.1.1.2

pkgs.python311Packages.azure-mgmt-security

Microsoft Azure Security Center Management Client Library for Python

nixos-unstable 7.0.0
- nixpkgs-unstable 7.0.0
- nixos-unstable-small 7.0.0

pkgs.python312Packages.azure-mgmt-security

Microsoft Azure Security Center Management Client Library for Python

nixos-unstable 7.0.0
- nixpkgs-unstable 7.0.0
- nixos-unstable-small 7.0.0

pkgs.python311Packages.mypy-boto3-securityhub

Type annotations for boto3 securityhub

nixos-unstable boto3-securityhub-1.35.72
- nixpkgs-unstable boto3-securityhub-1.35.72
- nixos-unstable-small boto3-securityhub-1.35.72

pkgs.python312Packages.mypy-boto3-securityhub

Type annotations for boto3 securityhub

nixos-unstable boto3-securityhub-1.35.72
- nixpkgs-unstable boto3-securityhub-1.35.72
- nixos-unstable-small boto3-securityhub-1.35.72

pkgs.python311Packages.mypy-boto3-securitylake

Type annotations for boto3 securitylake

nixos-unstable boto3-securitylake-1.35.40
- nixpkgs-unstable boto3-securitylake-1.35.40
- nixos-unstable-small boto3-securitylake-1.35.40

pkgs.python312Packages.mypy-boto3-securitylake

Type annotations for boto3 securitylake

nixos-unstable boto3-securitylake-1.35.40
- nixpkgs-unstable boto3-securitylake-1.35.40
- nixos-unstable-small boto3-securitylake-1.35.40

pkgs.pantheon.switchboard-plug-security-privacy

Switchboard Security & Privacy Plug

nixos-unstable 8.0.0
- nixpkgs-unstable 8.0.0
- nixos-unstable-small 8.0.0

pkgs.python311Packages.google-cloud-securitycenter

Cloud Security Command Center API API client library

nixos-unstable 1.35.1
- nixpkgs-unstable 1.35.1
- nixos-unstable-small 1.35.1

pkgs.python312Packages.google-cloud-securitycenter

Cloud Security Command Center API API client library

nixos-unstable 1.35.1
- nixpkgs-unstable 1.35.1
- nixos-unstable-small 1.35.1

pkgs.azure-cli-extensions.hardware-security-modules

Microsoft Azure Command-Line Tools AzureDedicatedHSMResourceProvider Extension

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.python311Packages.mypy-boto3-codeguru-security

Type annotations for boto3 codeguru-security

nixos-unstable boto3-codeguru-security-1.35.0
- nixpkgs-unstable boto3-codeguru-security-1.35.0
- nixos-unstable-small boto3-codeguru-security-1.35.0

pkgs.python312Packages.mypy-boto3-codeguru-security