VYPR

guix-daemon

by GNU

Source repositories

CVEs (3)

  • CVE-2024-52867HigNov 17, 2024
    risk 0.46cvss 8.1epss 0.00

    guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain…

  • CVE-2025-59378MedSep 15, 2025
    risk 0.37cvss 5.7epss 0.00

    In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

  • CVE-2021-27851MedApr 26, 2021
    risk 0.36cvss 5.5epss 0.00

    A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix…