CVE-2019-12300

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-12300

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12300.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-12300

Aliases

Related

UBUNTU-CVE-2019-12300

Published

2019-05-23T15:30:12Z

Modified

2024-10-12T04:18:53.404037Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.

References

Affected packages

Debian:11 / buildbot

Package

Name: buildbot
Purl: pkg:deb/debian/buildbot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / buildbot

Package

Name: buildbot
Purl: pkg:deb/debian/buildbot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / buildbot

Package

Name: buildbot
Purl: pkg:deb/debian/buildbot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/buildbot/buildbot

Affected ranges

Type: GIT
Repo: https://github.com/buildbot/buildbot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e2db8794b1353f3a81d225697601bb09909b99b1

Affected versions

0.*

0.8.13-pre

v0.*

v0.7.1

v0.7.10

v0.7.11rc1

v0.7.11rc2

v0.7.12rc1

v0.7.12rc2

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v0.8.0beta1

v0.8.10-pre

v0.8.11-pre

v0.8.1rc1

v0.8.1rc2

v0.8.1rc3

v0.8.3

v0.8.3-pre

v0.8.4

v0.8.4-pre

v0.8.5

v0.8.5-pre

v0.8.5rc1

v0.8.6

v0.8.6-pre

v0.8.6p1

v0.8.6rc1

v0.8.7

v0.8.7-pre

v0.8.7-pre2

v0.8.7p1

v0.8.8

v0.8.8-pre

v0.8.8rc1

v0.8.9

v0.8.9-pre

v0.8.9rc1

v0.9.0

v0.9.0-pre

v0.9.0.post1

v0.9.0b1

v0.9.0b2

v0.9.0b3

v0.9.0b4

v0.9.0b6

v0.9.0b7

v0.9.0b8

v0.9.0rc1

v0.9.0rc2

v0.9.0rc3

v0.9.0rc4

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.12.post1

v0.9.13

v0.9.14

v0.9.15

v0.9.15.post1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v0.9.9.post1

v0.9.9.post2

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0