Untriaged
OliveTin Unauthorized Action Output Disclosure via EventStream
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.
References
- https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7 x_refsource_CONFIRM
Affected products
OliveTin
- ==< 3000.10.2
Matching in nixpkgs
pkgs.olivetin
Gives safe and simple access to predefined shell commands from a web interface
-
nixos-unstable 2025.11.25
- nixpkgs-unstable 2025.11.25
- nixos-unstable-small 2025.11.25
-
nixos-25.11 2025.11.25
- nixos-25.11-small 2025.11.25
- nixpkgs-25.11-darwin 2025.11.25
Package maintainers
-
@Defelo Defelo