Nixpkgs security tracker
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
Activity log
- Created suggestion
Server-Side Request Forgery (SSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.
References
Affected products
- <18.8.4
- <18.7.4
- <18.6.6
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
pkgs.gitlab-ee
GitLab Enterprise Edition
pkgs.gitlab-duo
CLI for GitLab AI assistant
pkgs.gitlab-kas
Kubernetes Agent (Gitlab side)
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
-
nixos-25.11 2.0.0
pkgs.terraform-providers.gitlab
None
-
nixos-unstable 18.2.0
pkgs.ocamlPackages_latest.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_1.gitlab-markup
None
-
nixos-unstable 2.0.0
pkgs.rubyPackages_3_2.gitlab-markup
None
-
nixos-unstable 2.0.0
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_3_5.gitlab-markup
None
-
nixos-25.11 -
- nixpkgs-25.11-darwin 2.0.0
pkgs.rubyPackages_4_0.gitlab-markup
None
-
nixos-25.11 2.0.0
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings such as #1234, %56, or !789 into links to a Gitlab repository
-
nixos-unstable 0.1.4
pkgs.python312Packages.python-gitlab
Interact with GitLab API
-
nixos-unstable 6.1.0
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings such as #1234, %56, or !789 into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.python314Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python314Packages.python-gitlab
Interact with GitLab API
pkgs.ocamlPackages_latest.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages_latest.gitlab-unix
Gitlab APIv4 Unix library
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl5Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
-
nixos-unstable -
- nixpkgs-unstable 0.01
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
-
nixos-unstable 0.01
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
-
@balsoft Alexander Bantyev <balsoft75@gmail.com>
-
@yayayayaka Yaya <github@uwu.is>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@globin Robin Gloster <mail@glob.in>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@pineapplehunter Shogo Takata <peshogo+nixpkgs@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@wucke13 Wucke <wucke13@gmail.com>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@kilimnik Daniel Kilimnik <mail@kilimnik.de>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@phip1611 Philipp Schuster <phip1611@gmail.com>
-
@mvisonneau Maxime VISONNEAU <maxime@visonneau.fr>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@snpschaaf Philippe Schaaf <philipe.schaaf@secunet.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@caniko Can H. Tartanoglu <gpg@rotas.mozmail.com>
-
@zazedd Leonardo Santos <leomendesantos@gmail.com>
-
@yajo Jairo Llopis <yajo.sk8@gmail.com>