Lucene search

K

MitreCVELIST:CVE-2018-10099

HistoryNov 20, 2018 - 9:00 a.m.

CVE-2018-10099

2018-11-2009:00:00

mitre

www.cve.org

5

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

39.3%

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.

References

chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313

medium.com/%40luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549

www.reddit.com/r/netsec/comments/9yiidf/xssearching_googles_bug_tracker_to_find_out/ea2i7wz/

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

39.3%

Related for CVELIST:CVE-2018-10099

prion1 cve1 nvd1