FreeBSD: VID-5536ea5f-6814-11e9-a8f7-0050562a4d7b (CVE-2019-7313): buildbot -- CRLF injection in Buildbot login and logout redirect code
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:N/I:P/A:P) | Apr 26, 2019 | Apr 27, 2019 | Dec 10, 2025 |
Description
A CRLF sequence can be injected into the Location header of /auth/login and /auth/logout. This is due to a lack of input validation in the Buildbot redirection code. No way was found to impact the security of the Buildbot product itself through this vulnerability, but it could be used to compromise other sites hosted on the same domain as Buildbot:
- cookie injection on a parent domain (i.e. if your Buildbot is on buildbot.buildbot.net, one can inject a cookie on *.buildbot.net, which could impact another website hosted in your domain)
- HTTP response splitting and cache poisoning (browser or proxy) are also typical impacts of this vulnerability class, but might be impractical to exploit.
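The missing check described above, as an added example (not Buildbot's own code): a redirect target is validated before it is placed in a Location header, rejecting CR/LF and other control characters and refusing targets outside the expected host. The function name, the `allowed_host` parameter and the sample inputs are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical helper, not taken from Buildbot. Any ASCII control character
# (CR and LF included) can never legitimately appear in a URL, so its presence
# means the value must not reach a response header.
CTRL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def safe_redirect_target(candidate, allowed_host, default="/"):
    """Return a value that is safe to use in a Location header.

    Falls back to `default` when `candidate` contains control characters
    (header injection / response splitting), uses a non-HTTP scheme, or points
    at a host other than `allowed_host` (open redirect, protocol-relative
    "//other.example" included). Relative targets must start with "/".
    """
    if not candidate:
        return default
    if CTRL_CHARS.search(candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal in the netloc
        return default
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    if parts.netloc and parts.netloc.lower() != allowed_host.lower():
        return default
    if not parts.netloc and not parts.path.startswith("/"):
        return default
    return candidate


if __name__ == "__main__":
    # Constructed inputs: the second one carries an injected Set-Cookie header
    # scoped to the parent domain, the impact the advisory describes.
    host = "buildbot.buildbot.net"
    for target in ("/builders",
                   "/builders\r\nSet-Cookie: sid=x; Domain=.buildbot.net",
                   "//other.example/",
                   "https://buildbot.buildbot.net/builders/1"):
        print(repr(target), "->", repr(safe_redirect_target(target, host)))
```

The header-writing layer should still refuse CR/LF on its own; this check only keeps untrusted redirect input from ever reaching it.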
Solutions
- freebsd-upgrade-package-py27-buildbot
- freebsd-upgrade-package-py35-buildbot
- freebsd-upgrade-package-py36-buildbot
- freebsd-upgrade-package-py37-buildbot