Nixpkgs security tracker
8.2 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.
References
-
https://github.com/outline/outline/security/advisories/GHSA-7732-6qrg-wjf4 x_refsource_CONFIRM
Affected products
- ==>= 0.84.0, < 1.7.0
Matching in nixpkgs
pkgs.outline
Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible
pkgs.go-outline
Utility to extract JSON representation of declarations from a Go source file
-
nixos-unstable 2021-06-08
- nixpkgs-unstable 2021-06-08
- nixos-unstable-small 2021-06-08
-
nixos-25.11 2021-06-08
- nixos-25.11-small 2021-06-08
- nixpkgs-25.11-darwin 2021-06-08
pkgs.mdbook-pdf-outline
None
pkgs.typstPackages.suboutline
An outline function just for one section and nothing else
pkgs.python312Packages.outlines
Structured text generation
pkgs.python313Packages.outlines
Structured text generation
pkgs.typstPackages.suboutline_0_1_0
An outline function just for one section and nothing else
pkgs.typstPackages.suboutline_0_2_0
An outline function just for one section and nothing else
pkgs.typstPackages.suboutline_0_3_0
An outline function just for one section and nothing else
pkgs.mplus-outline-fonts.osdnRelease
M+ Outline Fonts (legacy OSDN release)
pkgs.python312Packages.outlines-core
Structured text generation (core)
pkgs.python313Packages.outlines-core
Structured text generation (core)
pkgs.python314Packages.outlines-core
Structured text generation (core)
pkgs.typstPackages.outline-summaryst
A basic template for including a summary for each entry in the table of contents. Useful for writing books
pkgs.mplus-outline-fonts.githubRelease
M+ Outline Fonts (GitHub release)
-
nixos-unstable 2022-05-19
- nixpkgs-unstable 2022-05-19
- nixos-unstable-small 2022-05-19
-
nixos-25.11 2022-05-19
- nixos-25.11-small 2022-05-19
- nixpkgs-25.11-darwin 2022-05-19
pkgs.pkgsRocm.python3Packages.outlines
Structured text generation
pkgs.typstPackages.outline-summaryst_0_1_0
A basic template for including a summary for each entry in the table of contents. Useful for writing books
Package maintainers
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@HollowMan6 Songlin Jiang <hollowman@hollowman.ml>
-
@uakci uakci <git@uakci.space>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@cab404 Vladimir Serov <cab404@mailbox.org>
-
@yrd Yannik Rödel <nix@yannik.info>
-
@e1mo Nina Fromm <nixpkgs@e1mo.de>
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@danieldk Daniël de Kok <me@danieldk.eu>
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang