Merge pull request #111218 from dotlambda/limesurvey-insecure

limesurvey: mark as insecure
author: Daniël de Kok <me@danieldk.eu> 2021-01-30 11:37:14 +0100
committer: GitHub <noreply@github.com> 2021-01-30 11:37:14 +0100
commit: 256eb05dad5bc493f0e1ffe17c4ead4fcea07391 (patch)
tree: bf68069e6ac07046a3821ac47f96f808792d711c /pkgs
parent: 44c8df7e2a8dd9edb3304de5f54a0c7fdec7c331 (diff)
parent: a03847e69695607b15956e09b3ab2f9c2425383b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/servers/limesurvey/default.nix b/pkgs/servers/limesurvey/default.nix
index 261285341c42..e71ff33e2f9d 100644
--- a/pkgs/servers/limesurvey/default.nix
+++ b/pkgs/servers/limesurvey/default.nix
@@ -37,5 +37,10 @@ stdenv.mkDerivation rec {
     homepage = "https://www.limesurvey.org";
     maintainers = with maintainers; [offline];
     platforms = with platforms; unix;
+    knownVulnerabilities = [
+      # https://github.com/LimeSurvey/LimeSurvey/blob/3.x-LTS/docs/release_notes.txt
+      "Unauthorized access to statistics of a survey with certain permission configurations"
+      "Persistent XSS in browse response"
+    ];
   };
 }
author	Daniël de Kok <me@danieldk.eu>	2021-01-30 11:37:14 +0100
committer	GitHub <noreply@github.com>	2021-01-30 11:37:14 +0100
commit	256eb05dad5bc493f0e1ffe17c4ead4fcea07391 (patch)
tree	bf68069e6ac07046a3821ac47f96f808792d711c /pkgs
parent	44c8df7e2a8dd9edb3304de5f54a0c7fdec7c331 (diff)
parent	a03847e69695607b15956e09b3ab2f9c2425383b (diff)