Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-05-23 15:30
Updated : 2024-02-28 17:08
NVD link : CVE-2019-12300
Mitre link : CVE-2019-12300
CVE.ORG link : CVE-2019-12300
JSON object : View
Products Affected
buildbot
- buildbot
CWE
CWE-287
Improper Authentication