Auth bypass in Nixos Hydra

CVE-2024-45049

Hydra is a Continuous Integration service for Nix-based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can…

Vulnerability class: Broken Authentication

EPSS: 0.006 (45.1th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

  • Nixos Hydra — versions < f73043378907c2c7e44f633ad764c8bdd1c947d5

Frequently asked questions

What is CVE-2024-45049?
CVE-2024-45049 is a high-severity vulnerability in Nixos Hydra, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2024-08-27.

How severe is CVE-2024-45049?
High severity. CVSS v3 base score is 7.5 out of 10.