limesurvey: mark as insecure

author: Robert Schütz <dev@schuetz-co.de> 2021-01-29 23:42:04 +0100
committer: Robert Schütz <dev@schuetz-co.de> 2021-01-30 11:16:32 +0100
commit: a03847e69695607b15956e09b3ab2f9c2425383b (patch)
tree: 050e7b4df75e30e9fbba6c635cd3be7b7f7d0b8d /pkgs/servers/limesurvey
parent: 526738a799e2654366d1c5a1d7f5249ecb7ab1ed (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/servers/limesurvey/default.nix b/pkgs/servers/limesurvey/default.nix
index 261285341c42c..e71ff33e2f9db 100644
--- a/pkgs/servers/limesurvey/default.nix
+++ b/pkgs/servers/limesurvey/default.nix
@@ -37,5 +37,10 @@ stdenv.mkDerivation rec {
     homepage = "https://www.limesurvey.org";
     maintainers = with maintainers; [offline];
     platforms = with platforms; unix;
+    knownVulnerabilities = [
+      # https://github.com/LimeSurvey/LimeSurvey/blob/3.x-LTS/docs/release_notes.txt
+      "Unauthorized access to statistics of a survey with certain permission configurations"
+      "Persistent XSS in browse response"
+    ];
   };
 }
author	Robert Schütz <dev@schuetz-co.de>	2021-01-29 23:42:04 +0100
committer	Robert Schütz <dev@schuetz-co.de>	2021-01-30 11:16:32 +0100
commit	a03847e69695607b15956e09b3ab2f9c2425383b (patch)
tree	050e7b4df75e30e9fbba6c635cd3be7b7f7d0b8d /pkgs/servers/limesurvey
parent	526738a799e2654366d1c5a1d7f5249ecb7ab1ed (diff)