Bug 27733

Summary: buildbot security vulnerability CVE-2019-12300
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-12300
Whiteboard:
Source RPM: buildbot CVE: CVE-2019-12300
Status comment:

Description Zombie Ryushu 2020-12-04 10:09:06 CET 
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.
Zombie Ryushu 2020-12-04 10:09:21 CET

CVE: (none) => CVE-2019-12300

Comment 1 David Walser 2020-12-04 13:32:03 CET 
Already reported.

*** This bug has been marked as a duplicate of bug 24346 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED