buildbot@1.3.0 vulnerabilities

The Continuous Integration Framework

latest version

3.11.2
latest non vulnerable version

3.11.2
first published

17 years ago
latest version published

2 days ago
licenses detected
- GPL-3.0
  [0.7.3,2.4.0)
View buildbot package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the buildbot package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Credentials Disclosure buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Credentials Disclosure. Buildbot accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can authenticate as the victim. How to fix Credentials Disclosure? Upgrade `buildbot` to version 1.8.2, 2.3.1 or higher.	[0.9.5,1.8.2) [2.0.0,2.3.1)
H CRLF injection buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to CRLF injection in the Location header of `/auth/login` and `/auth/logout` via the redirect parameter. This affects other web sites in the same domain. How to fix CRLF injection? Upgrade `buildbot` to version 1.8.1 or higher.	[,1.8.1)

Credentials Disclosure

buildbot is a continuous integration framework for automating software build, test, and release processes.

Affected versions of this package are vulnerable to Credentials Disclosure. Buildbot accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can authenticate as the victim.

How to fix Credentials Disclosure?

Upgrade buildbot to version 1.8.2, 2.3.1 or higher.

[0.9.5,1.8.2) [2.0.0,2.3.1)

CRLF injection

buildbot is a continuous integration framework for automating software build, test, and release processes.

Affected versions of this package are vulnerable to CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

How to fix CRLF injection?

Upgrade buildbot to version 1.8.1 or higher.

[,1.8.1)

Go back to all versions of this package

buildbot@1.3.0 vulnerabilities

The Continuous Integration Framework

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities