Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-32692

7.6 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): LOW

created 4 days, 1 hour ago

Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

References

https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm vdb-entry vendor-advisory

Affected products

juju

<3.6.19

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable 3.6.12
- nixpkgs-unstable 3.6.12
- nixos-unstable-small 3.6.12
nixos-25.11 3.6.11
- nixos-25.11-small 3.6.11
- nixpkgs-25.11-darwin 3.6.11

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable 0.39.0
- nixpkgs-unstable 0.39.0
- nixos-unstable-small 0.39.0
nixos-25.11 0.35.0
- nixos-25.11-small 0.35.0
- nixpkgs-25.11-darwin 0.35.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable 0.2
- nixpkgs-unstable 0.2
- nixos-unstable-small 0.2
nixos-25.11 0.2
- nixos-25.11-small 0.2
- nixpkgs-25.11-darwin 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@emilazy Emily <nixpkgs@emily.moe>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>