Dismissed
Permalink
CVE-2026-33125
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): HIGH
by @mweinelt Activity log
- Created automatic suggestion
-
@mweinelt
removed
2 packages
- pkgsRocm.frigate
- home-assistant-custom-components.frigate
- @mweinelt dismissed
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
References
- https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 x_refsource_MISC
- https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4 x_refsource_CONFIRM
Affected products
frigate
- ==< 0.16.3
Matching in nixpkgs
Ignored packages (2)
pkgs.pkgsRocm.frigate
NVR with realtime local object detection for IP cameras
Package maintainers
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>