Nixos

Hydra

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.1%
  • Published 12.08.2025 15:48:54
  • Last modified 22.09.2025 14:58:23

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with ...

  • EPSS 0.04%
  • Published 12.08.2025 15:47:11
  • Last modified 22.09.2025 14:57:49

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits th...

  • EPSS 0.03%
  • Published 15.04.2025 22:19:46
  • Last modified 22.09.2025 14:56:23

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the ...

  • EPSS 0.36%
  • Published 27.08.2024 21:15:07
  • Last modified 22.09.2025 14:59:23

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed b...

  • EPSS 0.63%
  • Published 22.04.2024 23:15:50
  • Last modified 22.09.2025 14:10:00

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to...