Nixpkgs security tracker
4.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
45 packages
- gitlab-art
- gitlab-duo
- gitlab-kas
- gitlab-ci-ls
- gitlab-pages
- gitlab-shell
- danger-gitlab
- gitlab-clippy
- gitlab-runner
- gitlab-triage
- gitlab-ci-local
- gitlab-timelogs
- gitlab-ci-linter
- gitlab-workhorse
- gitlab-release-cli
- ocamlPackages.gitlab
- vimPlugins.gitlab-vim
- gitlab-container-registry
- ocamlPackages.gitlab-jsoo
- ocamlPackages.gitlab-unix
- rubyPackages.gitlab-markup
- terraform-providers.gitlab
- ocamlPackages_latest.gitlab
- gitlab-elasticsearch-indexer
- haskellPackages.gitlab-haskell
- rubyPackages_3_3.gitlab-markup
- rubyPackages_3_4.gitlab-markup
- rubyPackages_4_0.gitlab-markup
- python312Packages.mkdocs-gitlab
- python312Packages.python-gitlab
- python313Packages.mkdocs-gitlab
- python313Packages.python-gitlab
- python314Packages.mkdocs-gitlab
- python314Packages.python-gitlab
- ocamlPackages_latest.gitlab-jsoo
- ocamlPackages_latest.gitlab-unix
- terraform-providers.gitlabhq_gitlab
- gnomeExtensions.gitlab-time-tracking
- prometheus-gitlab-ci-pipelines-exporter
- vscode-extensions.gitlab.gitlab-workflow
- perlPackages.AlienBuildPluginDownloadGitLab
- gitlab-ee
- perl540Packages.AlienBuildPluginDownloadGitLab
- perl538Packages.AlienBuildPluginDownloadGitLab
- perl5Packages.AlienBuildPluginDownloadGitLab
- @LeSuisse restored package gitlab-ee
-
@LeSuisse
ignored
maintainer.ignore
5 maintainers
- @talyz
- @leona-ya
- @yayayayaka
- @krav
- @globin
- @LeSuisse accepted
- @LeSuisse published on GitHub
Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access.
References
Affected products
- <18.11.3
- <18.10.6
- <18.9.7
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
Ignored packages (44)
pkgs.gitlab-art
Pull cross-project Gitlab artifact dependencies
pkgs.gitlab-duo
CLI for GitLab AI assistant
pkgs.gitlab-kas
Kubernetes Agent (Gitlab side)
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
pkgs.terraform-providers.gitlab
None
pkgs.ocamlPackages_latest.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_4_0.gitlab-markup
None
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python312Packages.python-gitlab
Interact with GitLab API
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.python314Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python314Packages.python-gitlab
Interact with GitLab API
pkgs.ocamlPackages_latest.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages_latest.gitlab-unix
Gitlab APIv4 Unix library
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.gnomeExtensions.gitlab-time-tracking
Track time spent on GitLab issues with a convenient system tray timer.
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl5Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
Ignored maintainers (5)
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@yayayayaka Yaya <github@uwu.is>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@globin Robin Gloster <mail@glob.in>