Vulnerability	Vulnerable Version
M Credentials Disclosure buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Credentials Disclosure. Buildbot accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can authenticate as the victim. How to fix Credentials Disclosure? Upgrade `buildbot` to version 1.8.2, 2.3.1 or higher.	[0.9.5,1.8.2)[2.0.0,2.3.1)
H CRLF injection buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to CRLF injection in the Location header of `/auth/login` and `/auth/logout` via the redirect parameter. This affects other web sites in the same domain. How to fix CRLF injection? Upgrade `buildbot` to version 1.8.1 or higher.	[,1.8.1)
H Timing Attack buildbot is an open-source continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Timing Attack. It implemented a character to character comparison `!=`, and not a time constant string comparison. An attacker can use this difference to perform a timing attack, essentially allowing them to guess the encryption key one character at a time. How to fix Timing Attack? Upgrade `buildbot` to version 1.3.0 or higher.	[,1.3.0)

Go back to all versions of this package