Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: tomcat-native

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2024-22029

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

References

Affected products

tomcat

<9.0.85-150200.57.1
<9.0.85-3.1

Matching in nixpkgs

pkgs.tomcat9

Implementation of the Java Servlet and JavaServer Pages technologies

nixos-unstable 9.0.97
- nixpkgs-unstable 9.0.97
- nixos-unstable-small 9.0.97

pkgs.tomcat10

Implementation of the Java Servlet and JavaServer Pages technologies

nixos-unstable 10.1.33
- nixpkgs-unstable 10.1.33
- nixos-unstable-small 10.1.33

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

nixos-unstable 11.0.0
- nixpkgs-unstable 11.0.0
- nixos-unstable-small 11.0.0

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

nixos-unstable 2.0.8
- nixpkgs-unstable 2.0.8
- nixos-unstable-small 2.0.8

pkgs.tomcat_mysql_jdbc

None

nixos-unstable 9.1.0
- nixpkgs-unstable 9.1.0
- nixos-unstable-small 9.1.0

Package maintainers

@anthonyroussel Anthony Roussel <anthony@roussel.dev>
@aanderse Aaron Andersen <aaron@fosslib.net>

1