Lucene search
K

114 matches found

Tenable Nessus
Tenable Nessus
added 2019/02/11 12:0 a.m.31 views

Fedora 29 : buildbot (2019-7e722314f3)

Update to 1.8.1 to fix CVE-2019-7313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

6.1CVSS6.1AI score0.0087EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/02/11 12:0 a.m.81 views

Fedora 28 : buildbot (2019-7eb8c71fe8)

Update to 1.8.1 to fix CVE-2019-7313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

6.1CVSS6.1AI score0.0087EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2019/02/11 12:0 a.m.13 views

Fedora Update for buildbot FEDORA-2019-7eb8c71fe8

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS6.3AI score0.0087EPSS
Exploits1References2
Veracode
Veracode
added 2019/02/04 1:37 a.m.18 views

CRLF Injection

buildbot is vulnerable to CRLF injection attacks. The vulnerability exists in Redirect and ResourceResource.render where a given redirect parameter can be used for CRLF injection attacks...

6.1CVSS6.3AI score0.0087EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/02/03 8:29 a.m.17 views

PYSEC-2019-7

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS3.6AI score0.0087EPSS
Exploits1References2
OSV
OSV
added 2019/02/03 8:29 a.m.12 views

PYSEC-2019-77

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

3.6AI score
Exploits0References1
OSV
OSV
added 2019/02/03 8:29 a.m.2 views

UBUNTU-CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS6.4AI score0.0087EPSS
Exploits1References4
OSV
OSV
added 2019/02/03 8:29 a.m.2 views

DEBIAN-CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS7.3AI score0.0087EPSS
Exploits1References1
OSV
OSV
added 2019/02/03 8:29 a.m.26 views

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS6.9AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2019/02/03 8:29 a.m.6 views

buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-7313 via buildbot (=1.3.0)

buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-7313 Source advisory: OSV:PYSEC-2019-7...

6.1CVSS6.3AI score0.0087EPSS
Exploits1
PyPA
PyPA
added 2019/02/03 8:29 a.m.6 views

PYSEC-2019-7

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS7.3AI score0.0087EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/02/03 8:29 a.m.15 views

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS6.3AI score0.0087EPSS
Exploits1References3
NVD
NVD
added 2019/02/03 8:29 a.m.7 views

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS6.4AI score0.0087EPSS
Exploits1References1
Prion
Prion
added 2019/02/03 8:29 a.m.11 views

Crlf injection

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

5.8CVSS6.3AI score0.0087EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/02/03 8:0 a.m.59 views

CVE-2019-7313

CVE-2019-7313 – Buildbot CRLF Injection : The flaw is in www/resource.py in Buildbot before 1.8.1, allowing CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. Root cause: missing input validation in the redirection code, enabling header manipulation ...

6.1CVSS6.2AI score0.0087EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/03 8:0 a.m.18 views

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.3AI score0.0087EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2019/02/03 8:0 a.m.19 views

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS6.4AI score0.0087EPSS
Exploits1
FreeBSD
FreeBSD
added 2019/01/29 12:0 a.m.37 views

buildbot -- CRLF injection in Buildbot login and logout redirect code

A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...

6.1CVSS0.4AI score0.0087EPSS
Exploits1References2
Openbugbounty
Openbugbounty
added 2017/12/17 10:22 p.m.12 views

buildbot.com.br XSS vulnerability

Open Bug Bounty ID: OBB-454742 Description| Value ---|--- Affected Website:| buildbot.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/11/03 12:0 a.m.17 views

BuildBot WebStatus waterfall 'branch' Parameter XSS

The version of BuildBot WebStatus running on the remote host has a cross-site scripting vulnerability. Input to the 'branch' parameter of the '/waterfall/help' page is not properly sanitized. A remote attacker could exploit this by tricking a user into requesting a malicious URL, which could resu...

4.3CVSS5.3AI score0.02008EPSS
Exploits0References3
Rows per page
Query Builder