Nixpkgs security tracker
4.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control.
References
Affected products
- <18.11.3
- <18.10.6
- <18.9.7
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
pkgs.gitlab-ee
GitLab Enterprise Edition
pkgs.gitlab-art
Pull cross-project Gitlab artifact dependencies
pkgs.gitlab-duo
CLI for GitLab AI assistant
pkgs.gitlab-kas
Kubernetes Agent (Gitlab side)
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
pkgs.terraform-providers.gitlab
None
pkgs.ocamlPackages_latest.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_4_0.gitlab-markup
None
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python312Packages.python-gitlab
Interact with GitLab API
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.python314Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python314Packages.python-gitlab
Interact with GitLab API
pkgs.ocamlPackages_latest.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages_latest.gitlab-unix
Gitlab APIv4 Unix library
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.gnomeExtensions.gitlab-time-tracking
Track time spent on GitLab issues with a convenient system tray timer.
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl5Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
-
@balsoft Alexander Bantyev <balsoft75@gmail.com>
-
@globin Robin Gloster <mail@glob.in>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@yayayayaka Yaya <github@uwu.is>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@caniko Can H. Tartanoglu <gpg@rotas.mozmail.com>
-
@pineapplehunter Shogo Takata <peshogo+nixpkgs@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@wucke13 Wucke <wucke13@gmail.com>
-
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@e1mo Nina Fromm <nixpkgs@e1mo.de>
-
@kilimnik Daniel Kilimnik <mail@kilimnik.de>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@phip1611 Philipp Schuster <phip1611@gmail.com>
-
@zazedd Leonardo Santos <leomendesantos@gmail.com>
-
@mvisonneau Maxime VISONNEAU <maxime@visonneau.fr>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@snpschaaf Philippe Schaaf <philipe.schaaf@secunet.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@tbaldwin-dev Trent Baldwin <trent.baldwin@proton.me>
-
@afontaine Andrewfontaine <andrew@afontaine.ca>
-
@honnip Jung seungwoo <me@honnip.page>