Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2020-36958

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 3 weeks ago

Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.

References

ExploitDB-49205 exploit
Vendor Homepage product
VulnCheck Advisory: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path third-party-advisory

Affected products

Kite

=<1.2020.1119.0

Matching in nixpkgs

pkgs.kitex

High-performance and strong-extensibility Golang RPC framework

nixos-unstable 0.14.1
- nixpkgs-unstable 0.14.1
- nixos-unstable-small 0.14.1
nixos-25.11 0.15.2
- nixpkgs-25.11-darwin 0.15.2

pkgs.kiterunner

Contextual content discovery tool

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.2
- nixpkgs-25.11-darwin 1.0.2

pkgs.buildkite-cli

Command line interface for Buildkite

nixos-unstable 3.8.0
- nixpkgs-unstable 3.8.0
- nixos-unstable-small 3.8.0
nixos-25.11 3.13.0
- nixpkgs-25.11-darwin 3.13.0

pkgs.buildkite-agent

Build runner for buildkite.com

nixos-unstable 3.89.0
- nixpkgs-unstable 3.89.0
- nixos-unstable-small 3.89.0
nixos-25.11 3.89.0
- nixpkgs-25.11-darwin 3.89.0

pkgs.kdePackages.kiten

Japanese Reference/Study Tool

nixos-unstable 25.04.3
- nixpkgs-unstable 25.04.3
- nixos-unstable-small 25.04.3
nixos-25.11 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.libsForQt5.krohnkite

Dynamic tiling extension for KWin

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

pkgs.kdePackages.krohnkite

Dynamic Tiling Extension for KWin 6

nixos-unstable 0.9.9.2
- nixpkgs-unstable 0.9.9.2
- nixos-unstable-small 0.9.9.2
nixos-25.11 0.9.9.2
- nixpkgs-25.11-darwin 0.9.9.2

pkgs.libsForQt5.kitemviews

None

nixos-unstable 5.116.0
- nixpkgs-unstable 5.116.0
- nixos-unstable-small 5.116.0
nixos-25.11 5.116.0
- nixpkgs-25.11-darwin 5.116.0

pkgs.kdePackages.kitemviews

KItemViews

nixos-unstable 6.16.0
- nixpkgs-unstable 6.17.0
- nixos-unstable-small 6.17.0
nixos-25.11 6.20.0
- nixpkgs-25.11-darwin 6.20.0

pkgs.libsForQt5.kitemmodels

None

nixos-unstable 5.116.0
- nixpkgs-unstable 5.116.0
- nixos-unstable-small 5.116.0
nixos-25.11 5.116.0
- nixpkgs-25.11-darwin 5.116.0

pkgs.buildkite-agent-metrics

Command-line tool (and Lambda) for collecting Buildkite agent metrics

nixos-unstable 5.9.13
- nixpkgs-unstable 5.9.13
- nixos-unstable-small 5.9.13
nixos-25.11 5.10.0
- nixpkgs-25.11-darwin 5.10.0

pkgs.kdePackages.kitemmodels

KItemModels

nixos-unstable 6.16.0
- nixpkgs-unstable 6.17.0
- nixos-unstable-small 6.17.0
nixos-25.11 6.20.0
- nixpkgs-25.11-darwin 6.20.0

pkgs.plasma5Packages.krohnkite

Dynamic tiling extension for KWin

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

pkgs.plasma5Packages.kitemviews

None

nixos-unstable 5.116.0
- nixpkgs-unstable 5.116.0
- nixos-unstable-small 5.116.0
nixos-25.11 5.116.0
- nixpkgs-25.11-darwin 5.116.0

pkgs.plasma5Packages.kitemmodels

None

nixos-unstable 5.116.0
- nixpkgs-unstable 5.116.0
- nixos-unstable-small 5.116.0
nixos-25.11 5.116.0
- nixpkgs-25.11-darwin 5.116.0

pkgs.buildkite-test-collector-rust

Rust adapter for Buildkite Test Analytics

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3
nixos-25.11 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.terraform-providers.buildkite

None

nixos-unstable 1.23.0
- nixpkgs-unstable 1.23.0
- nixos-unstable-small 1.23.0

pkgs.haskellPackages.PenroseKiteDart

Library to explore Penrose's Kite and Dart Tilings

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.5.1
- nixpkgs-25.11-darwin 1.5.1

pkgs.python312Packages.wikitextparser

Simple parsing tool for MediaWiki's wikitext markup

nixos-unstable 0.56.2
- nixpkgs-unstable 0.56.2
- nixos-unstable-small 0.56.2
nixos-25.11 0.56.4
- nixpkgs-25.11-darwin 0.56.4

pkgs.python313Packages.wikitextparser

Simple parsing tool for MediaWiki's wikitext markup

nixos-unstable 0.56.2
- nixpkgs-unstable 0.56.2
- nixos-unstable-small 0.56.2
nixos-25.11 0.56.4
- nixpkgs-25.11-darwin 0.56.4

pkgs.terraform-providers.buildkite_buildkite

None

nixos-25.11 1.26.0
- nixpkgs-25.11-darwin 1.26.0

pkgs.vscode-extensions.RoweWilsonFrederiskHolme.wikitext

Extension that helps users view and write MediaWiki's Wikitext files

nixos-unstable 4.0.2
- nixpkgs-unstable 4.0.2
- nixos-unstable-small 4.0.2
nixos-25.11 4.0.2
- nixpkgs-25.11-darwin 4.0.2

Package maintainers

@jsoo1 John Soo <jsoo1@asu.edu>
@mostlyobvious Paweł Pacana <pawel.pacana@gmail.com>
@zimbatm zimbatm <zimbatm@zimbatm.com>
@techknowlogick techknowlogick <techknowlogick@gitea.com>
@grahamc Graham Christensen <graham@grahamc.com>
@cole-h Cole Helbling <cole.e.helbling@outlook.com>
@groodt Greg Roodt <groodt@gmail.com>
@jfroche Jean-François Roche <jfroche@pyxel.be>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@K900 Ilya K. <me@0upti.me>
@NickCao Nick Cao <nickcao@nichi.co>
@Ben9986 Ben Carmichael <ben9986.unvmn@passinbox.com>
@dramforever Vivian Wang <dramforever@live.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@seqizz Gurkan Gur <seqizz@gmail.com>
@Steinhagen Viorel-Cătălin Răpițeanu <rapiteanu.catalin@gmail.com>