Knedlsepp

**Name of the Vulnerable Software and Affected Versions** Hydra (affected versions not specified) **Description** The issue concerns the evaluation of untrusted non-flake Nix code in Hydra, a Continuous Integration service for Nix-based projects. This could potentially allow access to secrets accessible by the Hydra user or group. However, it is noted that signing keys, owned by the hydra-queue-runner and hydra-www users, should not be affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.