8.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
References
- https://github.com/outline/outline/security/advisories/GHSA-gmr5-43f5-79f5 x_refsource_CONFIRM
Affected products
- ==< 1.4.0
Matching in nixpkgs
pkgs.outline
Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible
pkgs.go-outline
Utility to extract JSON representation of declarations from a Go source file
-
nixos-unstable 2021-06-08
- nixpkgs-unstable 2021-06-08
- nixos-unstable-small 2021-06-08
-
nixos-25.11 2021-06-08
- nixos-25.11-small 2021-06-08
- nixpkgs-25.11-darwin 2021-06-08
pkgs.mdbook-pdf-outline
None
pkgs.typstPackages.suboutline
An outline function just for one section and nothing else
pkgs.python312Packages.outlines
Structured text generation
pkgs.python313Packages.outlines
Structured text generation
pkgs.typstPackages.suboutline_0_1_0
An outline function just for one section and nothing else
pkgs.typstPackages.suboutline_0_2_0
An outline function just for one section and nothing else
pkgs.typstPackages.suboutline_0_3_0
An outline function just for one section and nothing else
pkgs.mplus-outline-fonts.osdnRelease
M+ Outline Fonts (legacy OSDN release)
pkgs.python312Packages.outlines-core
Structured text generation (core)
pkgs.python313Packages.outlines-core
Structured text generation (core)
pkgs.python314Packages.outlines-core
Structured text generation (core)
pkgs.typstPackages.outline-summaryst
A basic template for including a summary for each entry in the table of contents. Useful for writing books
pkgs.mplus-outline-fonts.githubRelease
M+ Outline Fonts (GitHub release)
-
nixos-unstable 2022-05-19
- nixpkgs-unstable 2022-05-19
- nixos-unstable-small 2022-05-19
-
nixos-25.11 2022-05-19
- nixos-25.11-small 2022-05-19
- nixpkgs-25.11-darwin 2022-05-19
pkgs.pkgsRocm.python3Packages.outlines
Structured text generation
pkgs.typstPackages.outline-summaryst_0_1_0
A basic template for including a summary for each entry in the table of contents. Useful for writing books
Package maintainers
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@HollowMan6 Songlin Jiang <hollowman@hollowman.ml>
-
@uakci uakci <git@uakci.space>
-
@yrd Yannik Rödel <nix@yannik.info>
-
@cab404 Vladimir Serov <cab404@mailbox.org>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@blitz Julian Stecklina <js@alien8.de>
-
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@danieldk Daniël de Kok <me@danieldk.eu>
-
@cherrypiejam Gongqi Huang