114 matches found
Fedora 29 : buildbot (2019-7e722314f3)
Update to 1.8.1 to fix CVE-2019-7313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Fedora 28 : buildbot (2019-7eb8c71fe8)
Update to 1.8.1 to fix CVE-2019-7313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Fedora Update for buildbot FEDORA-2019-7eb8c71fe8
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CRLF Injection
buildbot is vulnerable to CRLF injection attacks. The vulnerability exists in Redirect and ResourceResource.render where a given redirect parameter can be used for CRLF injection attacks...
PYSEC-2019-7
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
PYSEC-2019-77
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
UBUNTU-CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
DEBIAN-CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-7313 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-7313 Source advisory: OSV:PYSEC-2019-7...
PYSEC-2019-7
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
Crlf injection
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
CVE-2019-7313
CVE-2019-7313 – Buildbot CRLF Injection : The flaw is in www/resource.py in Buildbot before 1.8.1, allowing CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. Root cause: missing input validation in the redirection code, enabling header manipulation ...
CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
buildbot -- CRLF injection in Buildbot login and logout redirect code
A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...
buildbot.com.br XSS vulnerability
Open Bug Bounty ID: OBB-454742 Description| Value ---|--- Affected Website:| buildbot.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
BuildBot WebStatus waterfall 'branch' Parameter XSS
The version of BuildBot WebStatus running on the remote host has a cross-site scripting vulnerability. Input to the 'branch' parameter of the '/waterfall/help' page is not properly sanitized. A remote attacker could exploit this by tricking a user into requesting a malicious URL, which could resu...