114 matches found
GHSA-JQQH-999X-W26W Buildbot Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
ayugespidertools (>=3.4.1 <=3.9.5), baotool (=1.0.1) +129 more potentially affected by CVE-2022-21712 via twisted (>=16.0.0 <=22.10.0)
twisted PYPI version =16.0.0, =3.4.1, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =0.1.0.dev2, =0.3.4, =0.1.0, =18.4.0, =1.1.2.post3, =1.2.0.post1 and more Source cves: CVE-2022-21712 Source advisory: OSV:GHSA-92X2-JW7W-XVVX...
buildbot-fossil (=0.3.0), epcpm (>=2019.2.3 <=2021.7.0) +4 more potentially affected by CVE-2022-23607 via treq (>=21.1.0 <=21.5.0)
treq PYPI version =21.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =1.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:PYSEC-2022-26...
buildbot-fossil (>=0.1.0 <=0.3.0), crossbar (=17.3.1) +8 more potentially affected by CVE-2022-23607 via treq (>=17.3.1 <=21.5.0)
treq PYPI version =17.3.1, =0.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =0.100.2, =0.1.0, =0.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:GHSA-FHPF-PP6P-55QC...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:PYSEC-2021-5...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:GHSA-HQ37-853P-G5CF...
Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
Fedora 29 : buildbot (2019-2ea119f414)
Update to 1.8.2 to fix CVE-2019-12300. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable...
Fedora Update for buildbot FEDORA-2019-2ea119f414
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: buildbot-1.8.2-1.fc29
The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...
[SECURITY] Fedora 30 Update: buildbot-2.3.1-2.fc30
The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...
Fedora 30 : buildbot (2019-3270dc130b)
Update to 2.3.1 to fix CVE-2019-12300. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable...
Fedora Update for buildbot FEDORA-2019-3270dc130b
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
FreeBSD : buildbot -- OAuth Authentication Vulnerability (ada8db8a-8471-11e9-8170-0050562a4d7b)
Buildbot accepted a user-submitted authorization token from OAuth and used it to authenticate the user. The vulnerability can allow malicious attackers to authenticate as legitimate users of a Buildbot instance without knowledge of the victim's login credentials in certain scenarios. If an attacker h...
buildbot-fossil (>=0.1.0 <=0.3.0), buildbot-gitea (>=1.3.0 <=1.3.1) potentially affected by CVE-2019-12300 via buildbot (=2.10.5)
buildbot PYPI version =2.10.5 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-fossil =0.1.0, =1.3.0, =1.3.1 Source cves: CVE-2019-12300 Source advisory: OSV:GHSA-G86P-HGX5-2PFH...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-12300 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-12300 Source advisory: OSV:GHSA-G86P-HGX5-2PFH...
Improper Authentication in Buildbot
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...
GHSA-G86P-HGX5-2PFH Improper Authentication in Buildbot
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...
Authentication Bypass
Buildbot is vulnerable to authentication bypass attacks. The vulnerability allows an attacker to use an authorization token for authentication with OAuth to obtain confidential information of another user...
CVE-2019-12300
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...