Untriaged
CVE-2026-44423
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps) belonging to any other namespace. This vulnerability is fixed in 0.24.2.
References
- https://github.com/shellhub-io/shellhub/security/advisories/GHSA-9w9c-9w8m-w89q (x_refsource_CONFIRM)
Affected products
shellhub
- < 0.24.2
Matching in nixpkgs
pkgs.shellhub-agent
Enables easy access to any Linux device behind a firewall and NAT
Package maintainers
- @otavio Otavio Salvador <otavio.salvador@ossystems.com.br>