CVE-2019-7313

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7313

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7313.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7313

Aliases

Related

UBUNTU-CVE-2019-7313

Published

2019-02-03T08:29:00Z

Modified

2024-10-12T05:18:39.239680Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

References

Affected packages

Debian:11 / buildbot

Package

Name: buildbot
Purl: pkg:deb/debian/buildbot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / buildbot

Package

Name: buildbot
Purl: pkg:deb/debian/buildbot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / buildbot

Package

Name: buildbot
Purl: pkg:deb/debian/buildbot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/buildbot/buildbot

Affected ranges

Type: GIT
Repo: https://github.com/buildbot/buildbot
Events: Introduced

a3ffaf12bcecc98e5f0102a907bd13afb620cc08

Last affected

0ca122596e3b2404b4367aa17c21b29d2cf7c32a

Affected versions

0.*

0.8.13-pre

v0.*

v0.8.11-pre

v0.9.0

v0.9.0-pre

v0.9.0.post1

v0.9.0b1

v0.9.0b2

v0.9.0b3

v0.9.0b4

v0.9.0b6

v0.9.0b7

v0.9.0b8

v0.9.0rc1

v0.9.0rc2

v0.9.0rc3

v0.9.0rc4

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.12.post1

v0.9.13

v0.9.14

v0.9.15

v0.9.15.post1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v0.9.9.post1

v0.9.9.post2

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0