Nixpkgs security tracker
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
20 packages
- fleetctl
- fleeting-plugin-aws
- azure-cli-extensions.fleet
- python312Packages.tesla-fleet-api
- python313Packages.tesla-fleet-api
- python314Packages.tesla-fleet-api
- haskellPackages.amazonka-iotfleethub
- haskellPackages.amazonka-iotfleetwise
- python312Packages.mypy-boto3-iotfleethub
- python313Packages.mypy-boto3-iotfleethub
- python314Packages.mypy-boto3-iotfleethub
- python312Packages.mypy-boto3-iotfleetwise
- python313Packages.mypy-boto3-iotfleetwise
- python314Packages.mypy-boto3-iotfleetwise
- home-assistant-component-tests.tesla_fleet
- python312Packages.types-aiobotocore-iotfleethub
- python313Packages.types-aiobotocore-iotfleethub
- python312Packages.types-aiobotocore-iotfleetwise
- python313Packages.types-aiobotocore-iotfleetwise
- tests.home-assistant-component-tests.tesla_fleet
- @LeSuisse accepted
- @LeSuisse published on GitHub
Fleet's user account creation via invite does not enforce invited email address
Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address while inheriting the role granted by the invite, including global admin. Version 4.81.0 patches the issue.
References
-
https://github.com/fleetdm/fleet/security/advisories/GHSA-4f9r-x588-pp2h x_refsource_CONFIRM
Affected products
- ==< 4.81.0
Matching in nixpkgs
Ignored packages (20)
pkgs.fleetctl
CLI tool for managing Fleet
pkgs.fleeting-plugin-aws
GitLab fleeting plugin for AWS
pkgs.azure-cli-extensions.fleet
Microsoft Azure Command-Line Tools Fleet Extension
pkgs.python312Packages.tesla-fleet-api
None
pkgs.python313Packages.tesla-fleet-api
Python library for Tesla Fleet API and Teslemetry
pkgs.python314Packages.tesla-fleet-api
Python library for Tesla Fleet API and Teslemetry
pkgs.haskellPackages.amazonka-iotfleethub
Amazon IoT Fleet Hub SDK
-
nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
pkgs.haskellPackages.amazonka-iotfleetwise
Amazon IoT FleetWise SDK
-
nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
pkgs.python312Packages.mypy-boto3-iotfleethub
None
pkgs.python313Packages.mypy-boto3-iotfleethub
Type annotations for boto3 iotfleethub
-
nixos-unstable boto3-iotfleethub-1.40.17
- nixpkgs-unstable boto3-iotfleethub-1.40.17
- nixos-unstable-small boto3-iotfleethub-1.40.17
pkgs.python314Packages.mypy-boto3-iotfleethub
Type annotations for boto3 iotfleethub
-
nixos-unstable boto3-iotfleethub-1.40.17
- nixpkgs-unstable boto3-iotfleethub-1.40.17
- nixos-unstable-small boto3-iotfleethub-1.40.17
pkgs.python313Packages.mypy-boto3-iotfleetwise
Type annotations for boto3 iotfleetwise
-
nixos-unstable boto3-iotfleetwise-1.42.3
- nixpkgs-unstable boto3-iotfleetwise-1.42.3
- nixos-unstable-small boto3-iotfleetwise-1.42.3
pkgs.python314Packages.mypy-boto3-iotfleetwise
Type annotations for boto3 iotfleetwise
-
nixos-unstable boto3-iotfleetwise-1.42.3
- nixpkgs-unstable boto3-iotfleetwise-1.42.3
- nixos-unstable-small boto3-iotfleetwise-1.42.3
pkgs.python313Packages.types-aiobotocore-iotfleethub
Type annotations for aiobotocore iotfleethub
pkgs.python313Packages.types-aiobotocore-iotfleetwise
Type annotations for aiobotocore iotfleetwise
pkgs.tests.home-assistant-component-tests.tesla_fleet
Open source home automation that puts local control and privacy first
Package maintainers
-
@asauzeau Antoine Sauzeau <antoine.sauzeau3@gmail.com>
-
@bddvlpr Luna Simons <luna@bddvlpr.com>
-
@LeSuisse Thomas Gerbet <thomas@gerbet.me>