Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-3192

5.6 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

References

VDB-347748 | Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication vdb-entrytechnical-description
VDB-347748 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
https://github.com/Danimlzg/chia-rpc-auth-bypass.git exploit

Affected products

Blockchain

==2.1.0

Matching in nixpkgs

pkgs.python312Packages.blockchain

Python client Blockchain Bitcoin Developer API

nixos-25.11 1.4.4
- nixos-25.11-small 1.4.4
- nixpkgs-25.11-darwin 1.4.4

pkgs.python312Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python313Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python314Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2

pkgs.haskellPackages.amazonka-managedblockchain

Amazon Managed Blockchain SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3
nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3

pkgs.python312Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3
nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3

pkgs.python312Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python312Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
@JamieMagee Jamie Magee <jamie.magee@gmail.com>