Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2026-3194

4.5 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 weeks ago by @mweinelt Activity log

Created automatic suggestion 3 weeks, 2 days ago
@mweinelt removed
15 packages
- python312Packages.blockchain
- python312Packages.python-blockchain-api
- python313Packages.python-blockchain-api
- python314Packages.python-blockchain-api
- haskellPackages.amazonka-managedblockchain
- python312Packages.mypy-boto3-managedblockchain
- python313Packages.mypy-boto3-managedblockchain
- python314Packages.mypy-boto3-managedblockchain
- python312Packages.mypy-boto3-managedblockchain-query
- python313Packages.mypy-boto3-managedblockchain-query
- python314Packages.mypy-boto3-managedblockchain-query
- python312Packages.types-aiobotocore-managedblockchain
- python313Packages.types-aiobotocore-managedblockchain
- python312Packages.types-aiobotocore-managedblockchain-query
- python313Packages.types-aiobotocore-managedblockchain-query
2 weeks ago
@mweinelt dismissed 2 weeks ago

Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

References

VDB-347750 | Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication vdb-entry technical-description
VDB-347750 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #757201 | Chia Network Chia Blockchain Chia Blockchain 2.1.0 (confirmed vulnerable) Later versions (2.2.0 - 2.5.6) presumed vulnerable - no fix released Authentication Bypass/CSRF/Cryptographic Issue third-party-advisory
https://github.com/Danimlzg/chia-rpc-auth-bypass.git exploit broken-link

Affected products

Blockchain

==2.1.0

Ignored packages (15)

pkgs.python312Packages.blockchain

Python client Blockchain Bitcoin Developer API

nixos-25.11 1.4.4
- nixos-25.11-small 1.4.4
- nixpkgs-25.11-darwin 1.4.4

pkgs.python312Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python313Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python314Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2

pkgs.haskellPackages.amazonka-managedblockchain

Amazon Managed Blockchain SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3
nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3

pkgs.python312Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3
nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3

pkgs.python312Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python312Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Not in nixpkgs