Nixpkgs security tracker
5.8 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Outline: Slack OAuth state can link a victim Outline account to an attacker Slack identity
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in Outline user complete the callback and link that user's Outline account to the attacker's Slack team_id and user_id. The linked Slack identity can then use the Slack /outline search command as the victim Outline user. This vulnerability is fixed in 1.7.1.
References
-
https://github.com/outline/outline/security/advisories/GHSA-mjgw-5j7q-gv8v x_refsource_CONFIRM
Affected products
- ==< 1.7.1
Matching in nixpkgs
pkgs.outline
Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible
pkgs.go-outline
Utility to extract JSON representation of declarations from a Go source file
-
nixos-unstable 2021-06-08
- nixpkgs-unstable 2021-06-08
- nixos-unstable-small 2021-06-08
-
nixos-25.11 2021-06-08
- nixos-25.11-small 2021-06-08
- nixpkgs-25.11-darwin 2021-06-08
pkgs.mdbook-pdf-outline
None
pkgs.typstPackages.suboutline
An outline function just for one section and nothing else
pkgs.python312Packages.outlines
Structured text generation
pkgs.python313Packages.outlines
Structured text generation
pkgs.typstPackages.suboutline_0_1_0
An outline function just for one section and nothing else
pkgs.typstPackages.suboutline_0_2_0
An outline function just for one section and nothing else
pkgs.typstPackages.suboutline_0_3_0
An outline function just for one section and nothing else
pkgs.mplus-outline-fonts.osdnRelease
M+ Outline Fonts (legacy OSDN release)
pkgs.python312Packages.outlines-core
Structured text generation (core)
pkgs.python313Packages.outlines-core
Structured text generation (core)
pkgs.python314Packages.outlines-core
Structured text generation (core)
pkgs.typstPackages.outline-summaryst
A basic template for including a summary for each entry in the table of contents. Useful for writing books
pkgs.mplus-outline-fonts.githubRelease
M+ Outline Fonts (GitHub release)
-
nixos-unstable 2022-05-19
- nixpkgs-unstable 2022-05-19
- nixos-unstable-small 2022-05-19
-
nixos-25.11 2022-05-19
- nixos-25.11-small 2022-05-19
- nixpkgs-25.11-darwin 2022-05-19
pkgs.pkgsRocm.python3Packages.outlines
Structured text generation
pkgs.typstPackages.outline-summaryst_0_1_0
A basic template for including a summary for each entry in the table of contents. Useful for writing books
Package maintainers
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@HollowMan6 Songlin Jiang <hollowman@hollowman.ml>
-
@uakci uakci <git@uakci.space>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@cab404 Vladimir Serov <cab404@mailbox.org>
-
@yrd Yannik Rödel <nix@yannik.info>
-
@e1mo Nina Fromm <nixpkgs@e1mo.de>
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@danieldk Daniël de Kok <me@danieldk.eu>
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang