Nixpkgs security tracker
8.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Activity log
- Created suggestion
Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.
References
Affected products
- <18.9.6
- <18.10.4
- <18.11.1
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
pkgs.gitlab-ee
GitLab Enterprise Edition
pkgs.gitlab-art
Pull cross-project Gitlab artifact dependencies
pkgs.gitlab-duo
CLI for GitLab AI assistant
pkgs.gitlab-kas
Kubernetes Agent (Gitlab side)
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
pkgs.terraform-providers.gitlab
None
pkgs.ocamlPackages_latest.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_4_0.gitlab-markup
None
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python312Packages.python-gitlab
Interact with GitLab API
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.python314Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python314Packages.python-gitlab
Interact with GitLab API
pkgs.ocamlPackages_latest.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages_latest.gitlab-unix
Gitlab APIv4 Unix library
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.gnomeExtensions.gitlab-time-tracking
Track time spent on GitLab issues with a convenient system tray timer.
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl5Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
-
@leona-ya Leona Maroni <nix@leona.is>
-
@yayayayaka Yaya <github@uwu.is>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@gabyx Gabriel Nützi <gnuetzi@gmail.com>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@tbaldwin-dev Trent Baldwin <trent.baldwin@proton.me>
-
@caniko Can H. Tartanoglu <gpg@rotas.mozmail.com>
-
@pineapplehunter Shogo Takata <peshogo+nixpkgs@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@wucke13 Wucke <wucke13@gmail.com>
-
@e1mo Nina Fromm <nixpkgs@e1mo.de>
-
@afontaine Andrewfontaine <andrew@afontaine.ca>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@kilimnik Daniel Kilimnik <mail@kilimnik.de>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@phip1611 Philipp Schuster <phip1611@gmail.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@honnip Jung seungwoo <me@honnip.page>
-
@zazedd Leonardo Santos <leomendesantos@gmail.com>
-
@mvisonneau Maxime VISONNEAU <maxime@visonneau.fr>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@snpschaaf Philippe Schaaf <philipe.schaaf@secunet.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>