www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
References
Link | Resource |
---|---|
https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:19:30
Updated: 2022-10-03T16:19:30
Reserved: 2022-10-03T00:00:00
Link: CVE-2019-7313
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-03T08:29:00.480
Modified: 2019-02-06T21:48:59.387
Link: CVE-2019-7313
JSON object: View
Redhat Information
No data.
CWE