10 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-12300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a toke...
Fedora 29 : buildbot (2019-2ea119f414)
Update to 1.8.2 to fix CVE-2019-12300. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Fedora Update for buildbot FEDORA-2019-2ea119f414
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 30 : buildbot (2019-3270dc130b)
Update to 2.3.1 to fix CVE-2019-12300. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Fedora Update for buildbot FEDORA-2019-3270dc130b
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
buildbot-fossil (>=0.1.0 <=0.3.0), buildbot-gitea (>=1.3.0 <=1.3.1) potentially affected by CVE-2019-12300 via buildbot (=2.10.5)
buildbot PYPI version =2.10.5 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-fossil =0.1.0, =1.3.0, =1.3.1 Source cves: CVE-2019-12300 Source advisory: OSV:GHSA-G86P-HGX5-2PFH...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-12300 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-12300 Source advisory: OSV:GHSA-G86P-HGX5-2PFH...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-12300 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-12300 Source advisory: OSV:PYSEC-2019-6...
CVE-2019-12300
Buildbot vulnerable when running versions before 1.8.2 and 2.x before 2.3.1: it accepts a user-submitted OAuth token and uses it to authenticate the user. If an attacker obtains a token that can read a victim’s user details, they can log in as that victim. Fedora advisories indicate patch updates...
CVE-2019-12300
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...