Nixpkgs security tracker
Dismissed
Permalink
CVE-2026-33125
7.1 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): High (H)
by @mweinelt Activity log
- Created suggestion
-
@mweinelt
ignored
2 packages
- pkgsRocm.frigate
- home-assistant-custom-components.frigate
- @mweinelt dismissed
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
References
-
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 x_refsource_MISC
Affected products
frigate
- ==< 0.16.3
Matching in nixpkgs
Ignored packages (2)
pkgs.pkgsRocm.frigate
NVR with realtime local object detection for IP cameras
Package maintainers
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>