Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2026-3739

6.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 2 months, 2 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 2 weeks ago
@mweinelt ignored
7 packages
- mautrix-gmessages
- ayatana-indicator-messages
- graylogPlugins.filter-messagesize
- python312Packages.teamcity-messages
- python313Packages.teamcity-messages
- python314Packages.teamcity-messages
- chickenPackages_5.chickenEggs.messages
2 months, 2 weeks ago
@mweinelt dismissed 2 months, 2 weeks ago

suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.3.0 is capable of addressing this issue. The patch is identified as d7729f4b885449f6dee3faf8b5f2a05769fb3d6e. The affected component should be upgraded.

References

VDB-349717 | suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication vdb-entrytechnical-description
VDB-349717 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #767329 | La Suite Numerique messages 0.2.0 IDOR third-party-advisory
https://github.com/suitenumerique/messages/security/advisories/GHSA-7476-6crq-4… exploit
https://github.com/suitenumerique/messages/pull/557 issue-trackingpatch
https://github.com/suitenumerique/messages/commit/d7729f4b885449f6dee3faf8b5f2a… patch
https://github.com/suitenumerique/messages/releases/tag/v0.3.0 patch
https://github.com/suitenumerique/messages/ product

Affected products

messages

==0.2.0
==0.3.0

Ignored packages (7)

pkgs.mautrix-gmessages

Matrix-Google Messages puppeting bridge

nixos-unstable 25.11
- nixpkgs-unstable 25.11
- nixos-unstable-small 25.11
nixos-25.11 25.11
- nixos-25.11-small 25.11
- nixpkgs-25.11-darwin 25.11

pkgs.ayatana-indicator-messages

Ayatana Indicator Messages Applet

nixos-unstable 24.5.1
- nixpkgs-unstable 24.5.1
- nixos-unstable-small 24.5.1
nixos-25.11 24.5.1
- nixos-25.11-small 24.5.1
- nixpkgs-25.11-darwin 24.5.1

pkgs.graylogPlugins.filter-messagesize

Prints out all messages that have an estimated size crossing a configured threshold during processing

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python312Packages.teamcity-messages

Python unit test reporting to TeamCity

nixos-25.11 1.33
- nixos-25.11-small 1.33
- nixpkgs-25.11-darwin 1.33

pkgs.python313Packages.teamcity-messages

Python unit test reporting to TeamCity

nixos-unstable 1.33
- nixpkgs-unstable 1.33
- nixos-unstable-small 1.33
nixos-25.11 1.33
- nixos-25.11-small 1.33
- nixpkgs-25.11-darwin 1.33

pkgs.python314Packages.teamcity-messages

Python unit test reporting to TeamCity

nixos-unstable 1.33
- nixpkgs-unstable 1.33
- nixos-unstable-small 1.33

pkgs.chickenPackages_5.chickenEggs.messages

Creating algebraic- and abstract-types based on vectors

nixos-unstable 0.7
- nixpkgs-unstable 0.7
- nixos-unstable-small 0.7
nixos-25.11 0.7
- nixos-25.11-small 0.7
- nixpkgs-25.11-darwin 0.7

Not in nixpkgs