Detections
Analytics
FreeBSD : buildbot -- CRLF injection in Buildbot login and logout redirect code (5536ea5f-6814-11e9-a8f7-0050562a4d7b)
medium Nessus Plugin ID 124353
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code.It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on the same domain as Buildbot.
- cookie injection a master domain (ie if your buildbot is on buildbot.buildbot.net, one can inject a cookie on *.buildbot.net, which could impact another website hosted in your domain)
- HTTP response splitting and cache poisoning (browser or proxy) are also typical impact of this vulnerability class, but might be impractical to exploit.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 124353
File Name: freebsd_pkg_5536ea5f681411e9a8f70050562a4d7b.nasl
Version: 1.3
Type: local
Family: FreeBSD Local Security Checks
Published: 4/29/2019
Updated: 1/21/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:py27-buildbot, p-cpe:/a:freebsd:freebsd:py35-buildbot, p-cpe:/a:freebsd:freebsd:py36-buildbot, p-cpe:/a:freebsd:freebsd:py37-buildbot, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 4/26/2019
Vulnerability Publication Date: 1/29/2019
Reference Information
CVE: CVE-2019-7313