Nixpkgs security tracker
NIXPKGS-2026-1040
GitHub issue
published 2 months, 1 week ago
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
5 packages
- python312Packages.glances-api
- python313Packages.glances-api
- python314Packages.glances-api
- home-assistant-component-tests.glances
- tests.home-assistant-component-tests.glances
- @LeSuisse accepted
- @LeSuisse added maintainer @MiniHarinn maintainer.add
- @LeSuisse published on GitHub
Glances exposes the REST API without authentication
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue.
References
-
https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq x_refsource_CONFIRM
Ignored references (1)
-
https://github.com/nicolargo/glances/releases/tag/v4.5.2 x_refsource_MISC
Affected products
glances
- ==< 4.5.2
Matching in nixpkgs
Ignored packages (5)
pkgs.python312Packages.glances-api
None
pkgs.python313Packages.glances-api
Python API for interacting with Glances
pkgs.python314Packages.glances-api
Python API for interacting with Glances
pkgs.home-assistant-component-tests.glances
None
pkgs.tests.home-assistant-component-tests.glances
Open source home automation that puts local control and privacy first
Package maintainers
-
@k0ral Koral <koral@mailoo.org>
Additional maintainers
-
@MiniHarinn Harinn <prinn.dev@pm.me>