
114 matches found

OSV
added 2019/05/23 3:30 p.m. · 1 views

DEBIAN-CVE-2019-12300

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 6.9 AI score · 0.00471 EPSS
Exploits 0 · References 1
OSV
added 2019/05/23 3:30 p.m. · 7 views

CVE-2019-12300

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 9.3 AI score
Exploits 0 · References 3
Prion
added 2019/05/23 3:30 p.m. · 11 views

Authorization

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

5 CVSS · 9.2 AI score · 0.00471 EPSS
Exploits 0 · References 3 · Affected Software 1
PyPA
added 2019/05/23 3:30 p.m. · 4 views

PYSEC-2019-6

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 6.9 AI score · 0.00471 EPSS
Exploits 0 · References 4 · Affected Software 1
UbuntuCve
added 2019/05/23 3:30 p.m. · 16 views

CVE-2019-12300

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 0 · References 2
vulnersOsv
added 2019/05/23 3:30 p.m. · 2 views

buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-12300 via buildbot (=1.3.0)

buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-12300 Source advisory: OSV:PYSEC-2019-6...

9.8 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 0
OSV
added 2019/05/23 3:30 p.m. · 10 views

PYSEC-2019-76

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

4 AI score
Exploits 0 · References 3
vulnersOsv
added 2019/05/23 3:30 p.m. · 0 views

buildbot-fossil (>=0.1.0 <=0.3.0), buildbot-gitea (>=1.3.0 <=1.3.1) potentially affected by CVE-2019-12300 via buildbot (=2.10.5)

buildbot PYPI version =2.10.5 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-fossil =0.1.0, =1.3.0, =1.3.1 Source cves: CVE-2019-12300 Source advisory: OSV:PYSEC-2019-6...

9.8 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 0
OSV
added 2019/05/23 3:30 p.m. · 0 views

UBUNTU-CVE-2019-12300

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 7.3 AI score · 0.00471 EPSS
Exploits 0 · References 3
OSV
added 2019/05/23 3:30 p.m. · 10 views

PYSEC-2019-6

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 4 AI score · 0.00471 EPSS
Exploits 0 · References 4
Debian CVE
added 2019/05/23 2:18 p.m. · 14 views

CVE-2019-12300

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8 CVSS · 9.3 AI score · 0.00471 EPSS
Exploits 0
CVE
added 2019/05/23 2:18 p.m. · 112 views

CVE-2019-12300

Buildbot vulnerable when running versions before 1.8.2 and 2.x before 2.3.1: it accepts a user-submitted OAuth token and uses it to authenticate the user. If an attacker obtains a token that can read a victim’s user details, they can log in as that victim. Fedora advisories indicate patch updates...

9.8 CVSS · 9.1 AI score · 0.00471 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2019/05/23 2:18 p.m. · 11 views

CVE-2019-12300

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.3 AI score · 0.00471 EPSS
Exploits 0 · References 3
Positive Technologies
added 2019/05/23 12:0 a.m. · 1 views

PT-2019-12741 · Buildbot +1 · Buildbot +1

Name of the Vulnerable Software and Affected Versions: Buildbot versions prior to 1.8.2 Buildbot versions 2.x prior to 2.3.1 Description: The issue allows an attacker to login as a victim if they have a token that permits them to read the victim's user details. This is possible because Buildbot...

9.8 CVSS · 9.5 AI score · 0.00471 EPSS
Exploits 0 · References 20
CNVD
added 2019/05/23 12:0 a.m. · 2 views

Buildbot License Issue Vulnerability

Buildbot is a continuous integration tool for software development. The product is primarily used for automated building, testing and releasing of software. Buildbot versions prior to 1.8.2 and 2.x versions prior to 2.3.1 accept an authorization token submitted by a user from OAuth and use it to...

9.8 CVSS · 6.8 AI score · 0.00471 EPSS
Exploits 0 · References 1
OpenVAS
added 2019/05/07 12:0 a.m. · 63 views

Fedora Update for buildbot FEDORA-2019-7e722314f3

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1 CVSS · 6.3 AI score · 0.00224 EPSS
Exploits 1 · References 2
FreeBSD
added 2019/05/07 12:0 a.m. · 24 views

buildbot -- OAuth Authentication Vulnerability

Buildbot accepted user-submitted authorization token from OAuth and used it to authenticate user. The vulnerability can lead to malicious attackers to authenticate as legitimate users of a Buildbot instance without knowledge of the victim's login credentials on certain scenarios. If an attacker h...

9.8 CVSS · 4.4 AI score · 0.00471 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2019/04/29 12:0 a.m. · 25 views

FreeBSD : buildbot -- CRLF injection in Buildbot login and logout redirect code (5536ea5f-6814-11e9-a8f7-0050562a4d7b)

A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...

6.1 CVSS · 6.2 AI score · 0.00224 EPSS
Exploits 1 · References 3
Fedora
added 2019/02/11 1:58 a.m. · 18 views

[SECURITY] Fedora 29 Update: buildbot-1.8.1-1.fc29

The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...

6.1 CVSS · 3.3 AI score · 0.00224 EPSS
Exploits 1
Fedora
added 2019/02/11 1:28 a.m. · 20 views

[SECURITY] Fedora 28 Update: buildbot-1.8.1-1.fc28

The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...

6.1 CVSS · 3.3 AI score · 0.00224 EPSS
Exploits 1