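--- a/pkgs/by-name/ol/olivetin/package.nix
+++ b/pkgs/by-name/ol/olivetin/package.nix
@@ -142,6 +142,16 @@ buildGoModule (
 license = lib.licenses.agpl3Only;
 maintainers = with lib.maintainers; [ defelo ];
 mainProgram = "OliveTin";
+knownVulnerabilities = [
+"CVE-2026-27626: OS Command Injection via password argument type and webhook JSON extraction bypasses shell safety checks"
+"CVE-2026-28342: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint"
+"CVE-2026-30223: JWT Audience Validation Bypass in Local Key and HMAC Modes"
+"CVE-2026-28789: Unauthenticated DoS via concurrent map writes in OAuth2 state handling"
+"CVE-2026-30224: Session Fixation - Logout Fails to Invalidate Server-Side Session"
+"CVE-2026-28790: Unauthenticated Action Termination via KillAction When Guests Must Login"
+"CVE-2026-30233: View permission not being checked when returning dashboards"
+"CVE-2026-30225: RestartAction always runs actions as guest"
+];
 };
 }
 )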
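Review bot: The new `knownVulnerabilities` list in `meta` is unconditional and has no comment naming the upstream release that fixes these CVEs or where the advisories are tracked, so a later version bump gives no cue for removing the marker. A comment directly above the list would cover this, e.g. `# Drop once updated to a release that fixes these; see <ADVISORY_OR_TRACKING_URL>`. If a fixed release is known, the list could instead be gated, e.g. `knownVulnerabilities = lib.optionals (lib.versionOlder finalAttrs.version "<FIXED_VERSION>") [ … ];`, so it clears itself on update. Whether `finalAttrs` (or a plain `version`) is in scope depends on the start of the `buildGoModule (` call, which lies outside this hunk.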