[Python-apps-team] Bug#921271: buildbot: CVE-2019-7313: CRLF injection in Buildbot login and logout redirect code
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 3 20:20:17 GMT 2019
Source: buildbot
Version: 1.8.0-1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for buildbot.
CVE-2019-7313[0]:
| www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the
| Location header of /auth/login and /auth/logout via the redirect
| parameter. This affects other web sites in the same domain.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-7313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7313
[1] https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
Regards,
Salvatore
More information about the Python-apps-team
mailing list