Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: xboard

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-39912
9.1 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago
v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.

Affected products

Xboard
  • =<0.1.9
  • ==121511523f04882ec0c7447acd9b8ebcb8a47957
v2board
  • =<0ca47622a50116d0ddd7ffb316b157afb57d25e8
  • =<1.7.4

Matching in nixpkgs

Package maintainers