Home > Vulnerability Database > CVE-2024-38531

Mend.io Vulnerability Database

CVE-2024-38531

Good to know:

Date: June 28, 2024

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.

Language: C++

Severity Score

3.6

Related Resources (4)

Url: https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-38531

Url: https://github.com/NixOS/nix/pull/10501

Url: https://www.mend.io/vulnerability-database/CVE-2024-38531

Severity Score

3.6

Weakness Type (CWE)

Insecure Preserved Inherited Permissions

CWE-278

Top Fix

Upgrade Version

Upgrade to version 2.18.4,2.19.5,2.20.7,2.21.3,2.22.2,2.23.1

Learn More

CVSS v3.1

Base Score:	3.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-38531

Good to know:

Date: June 28, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?