Severity by source
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in Outline user complete the callback and link that user's Outline account to the attacker's Slack team_id and user_id. The linked Slack identity can then use the Slack /outline search command as the victim Outline user. This vulnerability is fixed in 1.7.1.
Analysis
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in Outline user complete the callback and link that user's Outline account to the attacker's Slack team_id and user_id. The linked Slack identity can then use the Slack /outline search command as the victim Outline user. This vulnerability is fixed in 1.7.1.
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafte
Outline versions up to - contains a vulnerability that allows attackers to potentially execute arbitrary code with eleva
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and chang
Outline versions prior to 1.4.0 fail to validate attachment file paths during JSON import, allowing authenticated attack
Outline is an open source, collaborative document editor. Rated medium severity (CVSS 5.4), this vulnerability is remote
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1. Rated medium severity (CVSS 5.
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4. Rated medium severity (CVSS 5
Account takeover in Outline collaborative documentation service versions 0.86.0 through 1.5.x enables unauthenticated at
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extract
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.
An Insecure Direct Object Reference (IDOR) vulnerability in Outline's document restoration logic allows any authenticate
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API end
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29343