Upstream information
Description
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
CNA (MITRE) | |
---|---|
Base Score | 2.9 |
Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | None |
Integrity Impact | Low |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Timeline for this CVE
CVE page created: Tue Jun 24 18:30:13 2025CVE page last modified: Mon Jul 7 12:42:03 2025