2 matches found
PYSEC-2019-6
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...
PT-2019-12741 · Buildbot +1 · Buildbot +1
Name of the Vulnerable Software and Affected Versions: Buildbot versions prior to 1.8.2 Buildbot versions 2.x prior to 2.3.1 Description: The issue allows an attacker to login as a victim if they have a token that permits them to read the victim's user details. This is possible because Buildbot...