{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-36476","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2023-06-21T18:50:41.704Z","datePublished":"2023-06-29T00:18:42.532Z","dateUpdated":"2024-11-27T14:17:28.175Z"},"containers":{"cna":{"title":"`calamares-nixos-extensions` LUKS keyfile exposure","problemTypes":[{"descriptions":[{"cweId":"CWE-200","lang":"en","description":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.9,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww","tags":["x_refsource_CONFIRM"],"url":"https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww"},{"name":"https://github.com/osresearch/heads/issues/1348","tags":["x_refsource_MISC"],"url":"https://github.com/osresearch/heads/issues/1348"},{"name":"https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22","tags":["x_refsource_MISC"],"url":"https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22"}],"affected":[{"vendor":"NixOS","product":"calamares-nixos-extensions","versions":[{"version":"<= 0.3.12","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2023-06-29T00:18:42.532Z"},"descriptions":[{"lang":"en","value":"calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves."}],"source":{"advisory":"GHSA-3rvf-24q2-24ww","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:45:56.731Z"},"title":"CVE Program Container","references":[{"name":"https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww"},{"name":"https://github.com/osresearch/heads/issues/1348","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/osresearch/heads/issues/1348"},{"name":"https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-27T14:17:19.930765Z","id":"CVE-2023-36476","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-27T14:17:28.175Z"}}]}}