Commit 8e10a866 authored by koobs's avatar koobs
Browse files

security/vuxml: Add buildbot CRLF injection vulnerability

parent 461f20bb
......@@ -58,6 +58,49 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
<vuxml xmlns="">
<vuln vid="5536ea5f-6814-11e9-a8f7-0050562a4d7b">
<topic>buildbot -- CRLF injection in Buildbot login and logout redirect code</topic>
<body xmlns="">
<blockquote cite="">
<p>A CRLF can be injected in Location header of /auth/login and /auth/logout
This is due to lack of input validation in the buildbot redirection code.
<p>It was not found a way to impact Buildbot product own security through
this vulnerability, but it could be used to compromise other sites
hosted on the same domain as Buildbot.
- cookie injection a master domain (ie if your buildbot is on, one can inject a cookie on *,
which could impact another website hosted in your domain)
- HTTP response splitting and cache poisoning (browser or proxy) are
also typical impact of this vulnerability class, but might be impractical
to exploit.
<vuln vid="2bad8b5d-66fb-11e9-9815-78acc0a3b880">
<topic>drupal -- Drupal core - Moderately critical</topic>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment