Nixpkgs security tracker
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Activity log
- Created suggestion
Improper Resolution of Path Equivalence in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.
References
Affected products
- <18.11.1
- <18.10.4
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
pkgs.gitlab-ee
GitLab Enterprise Edition
pkgs.gitlab-art
Pull cross-project Gitlab artifact dependencies
pkgs.gitlab-duo
CLI for GitLab AI assistant
pkgs.gitlab-kas
Kubernetes Agent (Gitlab side)
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
pkgs.terraform-providers.gitlab
None
pkgs.ocamlPackages_latest.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_4_0.gitlab-markup
None
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python312Packages.python-gitlab
Interact with GitLab API
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.python314Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python314Packages.python-gitlab
Interact with GitLab API
pkgs.ocamlPackages_latest.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages_latest.gitlab-unix
Gitlab APIv4 Unix library
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.gnomeExtensions.gitlab-time-tracking
Track time spent on GitLab issues with a convenient system tray timer.
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl5Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
-
@leona-ya Leona Maroni <nix@leona.is>
-
@yayayayaka Yaya <github@uwu.is>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@gabyx Gabriel Nützi <gnuetzi@gmail.com>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@tbaldwin-dev Trent Baldwin <trent.baldwin@proton.me>
-
@caniko Can H. Tartanoglu <gpg@rotas.mozmail.com>
-
@pineapplehunter Shogo Takata <peshogo+nixpkgs@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@wucke13 Wucke <wucke13@gmail.com>
-
@e1mo Nina Fromm <nixpkgs@e1mo.de>
-
@afontaine Andrewfontaine <andrew@afontaine.ca>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@kilimnik Daniel Kilimnik <mail@kilimnik.de>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@phip1611 Philipp Schuster <phip1611@gmail.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@honnip Jung seungwoo <me@honnip.page>
-
@zazedd Leonardo Santos <leomendesantos@gmail.com>
-
@mvisonneau Maxime VISONNEAU <maxime@visonneau.fr>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@snpschaaf Philippe Schaaf <philipe.schaaf@secunet.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>