Nixpkgs security tracker

Permalink CVE-2025-67860

3.8 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

NeuVector scanner insecurely handles passwords as command arguments

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.

References

Affected products

github.com/neuvector/scanner

<4.072

Matching in nixpkgs

pkgs.theharvester

Gather E-mails, subdomains and names from different public sources

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.8.2
- nixos-25.11-small 4.8.2
- nixpkgs-25.11-darwin 4.8.2

Package maintainers

@c0bw3b Renaud <c0bw3b@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@treemo Matthieu Chevrier <matthieu.chevrier@treemo.fr>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.theharvester

Package maintainers