Nixpkgs Security Tracker

Dismissed

Permalink CVE-2022-50931

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month, 3 weeks ago by @Scrumplex Activity log

Created automatic suggestion 1 month, 3 weeks ago
@Scrumplex dismissed 1 month, 3 weeks ago

TeamSpeak 3.5.6 - Insecure File Permissions

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.

References

ExploitDB-50743 exploit
TeamSpeak Official Vendor Homepage product
TeamSpeak Downloads Page product
VulnCheck Advisory: TeamSpeak 3.5.6 - Insecure File Permissions third-party-advisory
ExploitDB-50743 exploit
TeamSpeak Official Vendor Homepage product
TeamSpeak Downloads Page product
VulnCheck Advisory: TeamSpeak 3.5.6 - Insecure File Permissions third-party-advisory
VulnCheck Advisory: TeamSpeak 3.5.6 - Insecure File Permissions third-party-advisory
ExploitDB-50743 exploit
TeamSpeak Official Vendor Homepage product
TeamSpeak Downloads Page product

Affected products

TeamSpeak

==3.5.6

Matching in nixpkgs

pkgs.teamspeak3

TeamSpeak voice communication tool

nixos-unstable 3.6.2
- nixpkgs-unstable 3.6.2
- nixos-unstable-small 3.6.2
nixos-25.11 -
- nixos-25.11-small 3.6.2
- nixpkgs-25.11-darwin 3.6.2

pkgs.teamspeak_server

TeamSpeak voice communication server

nixos-unstable 3.13.7
- nixpkgs-unstable 3.13.7
- nixos-unstable-small 3.13.7
nixos-25.11 -
- nixos-25.11-small 3.13.7
- nixpkgs-25.11-darwin 3.13.7

pkgs.teamspeak6-client

TeamSpeak voice communication tool (beta version)

nixos-unstable 6.0.0-beta3.2
- nixpkgs-unstable 6.0.0-beta3.4
- nixos-unstable-small 6.0.0-beta3.4
nixos-25.11 -
- nixos-25.11-small 6.0.0-beta3.2
- nixpkgs-25.11-darwin 6.0.0-beta3.2

Package maintainers

@nathanielbaxter Nathaniel Baxter <nathaniel.baxter@gmail.com>
@lukegb Luke Granger-Brown <nix@lukegb.com>
@Atemu Atemu <nixpkgs@mail.atemu.net>
@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
@Shados Alexei Robyn <shados@shados.net>
@Gerschtli Tobias Happ <tobias.happ@gmx.de>

All channels are patched.