Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nix sandbox escape
Vulnerability Description
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
不安全的预留继承权限
Vulnerability Title
Nix 安全漏洞
Vulnerability Description
Nix是Nix开源的一个强大的包管理器。用于制作包。 Nix 2.23版本及之前版本存在安全漏洞。攻击者利用该漏洞可以升级权限。
CVSS Information
N/A
Vulnerability Type
N/A