Candidate: CVE-2019-7313
PublicDate: 2019-02-03 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7313
 https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
 https://github.com/buildbot/buildbot/pull/4584/files#diff-a2e7e3ee5f6a1d3cd9c6abf0328c21e0
Description:
 www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the
 Location header of /auth/login and /auth/logout via the redirect
 parameter. This affects other web sites in the same domain.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921271
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_buildbot:
upstream_buildbot: released (2.0.0-1)
precise/esm_buildbot: DNE
trusty_buildbot: not-affected
trusty/esm_buildbot: DNE (trusty was not-affected)
xenial_buildbot: not-affected
bionic_buildbot: needed
cosmic_buildbot: ignored (reached end-of-life)
disco_buildbot: released (2.0.0-1)
eoan_buildbot: released (2.0.0-1)
focal_buildbot: released (2.0.0-1)
groovy_buildbot: released (2.0.0-1)
hirsute_buildbot: released (2.0.0-1)
impish_buildbot: released (2.0.0-1)
jammy_buildbot: released (2.0.0-1)
devel_buildbot: released (2.0.0-1)