Опубликовано: 03 фев. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.8
CVSS3: 6.1
Описание
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | released | 2.0.0-1 |
| disco | released | 2.0.0-1 |
| eoan | released | 2.0.0-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | released | 2.0.0-1 |
| esm-apps/jammy | released | 2.0.0-1 |
| esm-apps/noble | released | 2.0.0-1 |
| esm-apps/xenial | not-affected |
Показывать по
10
EPSS
Процентиль: 43%
0.00209
Низкий
5.8 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.1
nvd
около 7 лет назад
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
CVSS3: 6.1
debian
около 7 лет назад
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the ...
EPSS
Процентиль: 43%
0.00209
Низкий
5.8 Medium
CVSS2
6.1 Medium
CVSS3