Lucene search
K

5 matches found

NVD
NVD
added 2025/04/15 11:15 p.m.19 views

CVE-2025-32435

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

2.6CVSS0.00272EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/15 10:19 p.m.5 views

CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

2.6CVSS7.4AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/15 10:19 p.m.16 views

CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

2.6CVSS0.00272EPSS
Exploits0References4
OSV
OSV
added 2025/04/15 10:19 p.m.6 views

CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

2.6CVSS7AI score0.00272EPSS
Exploits0References6
CVE
CVE
added 2025/04/15 10:19 p.m.60 views

CVE-2025-32435

CVE-2025-32435 affects Hydra, a CI service for Nix-based projects. The issue arises from evaluating untrusted non-flake nix code, which could allow access to secrets owned by hydra user/group. The description notes that signing keys owned by hydra-queue-runner and hydra-www are not affected. Publ...

2.6CVSS4.1AI score0.00272EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder