Jun 29, 2023 - 1:15 a.m.

CVE-2023-36476

2023-06-29 01:15:51
CWE-522
CWE-200
GitHub_M
web.nvd.nist.gov
7
calamares-nixos-extensions
vulnerability
nixos
gnu/linux
plaintext
luks
patch
nvd

CVSS3: 7.9

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

EPSS: 0.001
Percentile: 32.8%

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LUKS partition different from / have their LUKS key file in /boot as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.

Affected configurations

Nvd

Node: nixos calamares-nixos-extensions
Range: <0.3.13

Vulners

Vendor: nixos
Product: calamares-nixos-extensions
Version: *
CPE: cpe:2.3:a:nixos:calamares-nixos-extensions:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "NixOS",
    "product": "calamares-nixos-extensions",
    "versions": [
      {
        "version": "<= 0.3.12",
        "status": "affected"
      }
    ]
  }
]
