Nixpkgs security tracker

Untriaged

Permalink CVE-2026-44833

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Adjacent (A)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 6 days ago Activity log

Created suggestion 6 days ago

Snipe-IT: Open redirect vulnerability

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.

References

https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg x_refsource_CONFIRM
https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373 x_refsource_MISC

Affected products

snipe-it

==< 8.4.1

Matching in nixpkgs

pkgs.snipe-it

Free open source IT asset/license management system

nixos-unstable 8.4.1
- nixpkgs-unstable 8.4.1
- nixos-unstable-small 8.4.1
nixos-25.11 8.3.7
- nixos-25.11-small 8.3.7
- nixpkgs-25.11-darwin 8.3.7

Package maintainers

@yayayayaka Yaya <github@uwu.is>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.snipe-it

Package maintainers