3 matches found
CVE-2018-19335
Google Monorail before 2018-06-07 is affected by a Cross-Site Search (XS-Search) vulnerability where CSV downloads are CSRF‑prone. The issue arises from CSRF in CSV download requests, allowing an attacker to exploit crafted groupby values to infer sensitive information contained in bug reports. T...
CVE-2018-10099
The CVE-2018-10099 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail prior to 2018-04-04 affecting CSV downloads, where timing calculations for requests with duplicated columns can leak sensitive information from bug reports via an XS-Search-like exposure. Affec...
CVE-2018-19334
CVE-2018-19334 affects Google Monorail prior to 2018-05-04, exposing Cross-Site Search (XS-Search) via CSV downloads that are CSRF-protected inappropriately. The root cause is CSRF-assisted CSV download handling and calculations of download times for requests with an unsupported axis, which can r...