Vulnerability Information
Vulnerability Title
`calamares-nixos-extensions` LUKS keyfile exposure
Vulnerability Description
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
calamares-nixos-extensions Information Disclosure Vulnerability
Vulnerability Description
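Calamares is a universal installer framework from the Calamares team. Calamares calamares-nixos-extensions version 0.3.12 and earlier contain an information disclosure vulnerability. The vulnerability arises because, when users install NixOS through the graphical calamares installer with an unencrypted `/boot` on a non-UEFI system, or with a LUKS partition different from `/`, their LUKS key file is placed in `/boot` as a plaintext CPIO archive attached to their NixOS initrd.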
CVSS Information
N/A
Vulnerability Type
N/A