CVE-2019-7313

Published: 03/02/2019 Updated: 06/02/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 516
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

www/resource.py in Buildbot prior to 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

Vulnerable Product

buildbot buildbot

Vendor Advisories

Debian Bug report logs - #921271 buildbot: CVE-2019-7313: CRLF injection in Buildbot login and logout redirect code
Package: src:buildbot; Maintainer for src:buildbot is Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Fe ...