434 matches found

CNNVD
added 2025/06/19 12:0 a.m., 3 views

Hydra security vulnerability

Hydra is a Nix open source continuous integration service based on the Nix project. A security vulnerability exists in versions prior to Hydra 0.22.0 that stems from a failed transaction on Cardano L1 that was not considered and could lead to a reorganization attack...

CVSS 4.8 | AI score 6.4 | EPSS 0.00149
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:36 a.m., 9 views

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, Nix did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...

CVSS 5.9 | AI score 6.7 | EPSS 0.00097
Exploits: 0

RedhatCVE
added 2025/05/23 10:32 a.m., 4 views

CVE-2024-45593

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...

CVSS 9 | AI score 6.7 | EPSS 0.00449
Exploits: 0

RedhatCVE
added 2025/05/23 9:30 a.m., 5 views

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVSS 3.6 | AI score 6.6 | EPSS 0.00022
Exploits: 0

RedhatCVE
added 2025/05/23 8:38 a.m., 4 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 5.4 | AI score 7.2 | EPSS 0.00627
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:10 a.m., 4 views

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 | AI score 6.5 | EPSS 0.00062
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:5 a.m., 8 views

CVE-2024-51481

Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders such as builtin:fetchurl, exposed to users with import were not executed in the macOS sandbox. Thus, these builders which are running under the nixbld users had read access to world-readable paths and write...

CVSS 1 | AI score 6.3 | EPSS 0.00079
Exploits: 0

RedhatCVE
added 2025/04/18 12:7 a.m., 13 views

CVE-2025-32435

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

CVSS 2.6 | AI score 7.1 | EPSS 0.00367
Exploits: 0 | References: 1

NVD
added 2025/04/15 11:15 p.m., 9 views

CVE-2025-32435

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

CVSS 2.6 | EPSS 0.00367
Exploits: 0 | References: 4

OSV
added 2025/04/15 10:19 p.m., 4 views

CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

CVSS 2.6 | AI score 7 | EPSS 0.00367
Exploits: 0 | References: 6

AlpineLinux
added 2025/04/15 10:19 p.m., 3 views

CVE-2025-32435

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

CVSS 2.6 | AI score 7.1 | EPSS 0.00367
Exploits: 0 | References: 4

CVE
added 2025/04/15 10:19 p.m., 51 views

CVE-2025-32435

CVE-2025-32435 affects Hydra, a CI service for Nix-based projects. The issue arises from evaluating untrusted non-flake nix code, which could allow access to secrets owned by hydra user/group. The description notes that signing keys owned by hydra-queue-runner and hydra-www are not affected. Publ...

CVSS 2.6 | AI score 4.1 | EPSS 0.00367
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/04/15 10:19 p.m., 5 views

CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

CVSS 2.6 | AI score 7.4 | EPSS 0.00367
Exploits: 0 | References: 4

Cvelist
added 2025/04/15 10:19 p.m., 12 views

CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

CVSS 2.6 | EPSS 0.00367
Exploits: 0 | References: 4

CNNVD
added 2025/04/15 12:0 a.m., 1 views

Nixpkgs security vulnerability

Nixpkgs is a collection of over 100000 packages open-sourced by NixOS. It can be installed using the Nix Package Manager. A security vulnerability exists in Nixpkgs that stems from the fact that a local user can execute a program with root privileges at shutdown...

CVSS 8.8 | AI score 6.6 | EPSS 0.00113
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-38531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change...

CVSS 3.6 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-27297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another...

CVSS 6.3 | AI score 6.2 | EPSS 0.00062
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, Nix did not verify TLS certificates on...

CVSS 5.9 | AI score 5.8 | EPSS 0.00097
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/14 5:12 a.m., 14 views

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

CVSS 4.3 | AI score 6.9 | EPSS 0.00136
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 12:6 p.m., 8 views

CVE-2024-52432

Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Object Injection. This issue affects NIX Anti-Spam Light: from n/a through = 0.0.4...

CVSS 9.8 | AI score 7.2 | EPSS 0.00643
Exploits: 0 | References: 1