Untriaged
Glances exposes the REST API without authentication
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue.
References
- https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq x_refsource_CONFIRM
- https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25 x_refsource_MISC
- https://github.com/nicolargo/glances/releases/tag/v4.5.2 x_refsource_MISC
Affected products
glances
- ==< 4.5.2
Matching in nixpkgs
pkgs.glances
Cross-platform curses-based monitoring tool
pkgs.python312Packages.glances-api
Python API for interacting with Glances
pkgs.python313Packages.glances-api
Python API for interacting with Glances
pkgs.python314Packages.glances-api
Python API for interacting with Glances
pkgs.home-assistant-component-tests.glances
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-component-tests.glances
Open source home automation that puts local control and privacy first
Package maintainers
-
@primeos Michael Weiss <dev.primeos@gmail.com>
-
@k0ral Koral <koral@mailoo.org>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>