CNNVD-202508-1066 Information

CNNVD ID

CNNVD-202508-1066

CVE-2025-54864

  • CNNVD Published: 2025-08-12

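Description (translated from Chinese)

Hydra is a continuous integration service for Nix-based projects, open-sourced by Nix. Versions of Hydra before f7bda02 contain an access control error vulnerability, which stems from /api/push-github and /api/push-gitea lacking HTTP Basic authentication and may lead to denial-of-service attacks.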

Description (English)

Hydra is an open-source continuous integration service from Nix for Nix-based projects. Versions of Hydra prior to f7bda02 have an access control flaw: the /api/push-github and /api/push-gitea endpoints lack HTTP Basic authentication, which could lead to denial-of-service attacks.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Nix

Published

2025-08-12

Last Modified

2026-02-24

References

  • https://github.com/NixOS/hydra/commit/f7bda020c6144913f134ec616783e57817f7686f
  • https://github.com/NixOS/hydra/security/advisories/GHSA-qpq3-646c-vgx9

Patch

https://hydra.cc/
