Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-67860

3.8 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 3 weeks, 3 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 3 days ago
@LeSuisse removed package theharvester 3 weeks, 3 days ago
@LeSuisse dismissed 3 weeks, 3 days ago

NeuVector scanner insecurely handles passwords as command arguments

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.

References

Affected products

github.com/neuvector/scanner

<4.072

Ignored packages (1)

pkgs.theharvester

Gather E-mails, subdomains and names from different public sources

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.8.2
- nixos-25.11-small 4.8.2
- nixpkgs-25.11-darwin 4.8.2

Not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.theharvester