Jump to:

CVE-2019-7313

Jump to:

CVE-2019-7313

Package buildbot updated to version 2.1.0-alt1 for branch sisyphus in task 225113.

Published: 2019-02-03
Modified: 2024-11-21

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code

Version: 2.1.0

Package buildbot update in sisyphus on 2019-03-16

ALT-PU-2019-1444-1

Closed vulnerabilities

CVE-2019-7313