FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ada8db8a-8471-11e9-8170-0050562a4d7bbuildbot -- OAuth Authentication Vulnerability

Buildbot accepted user-submitted authorization token from OAuth and used it to authenticate user.

The vulnerability can lead to malicious attackers to authenticate as legitimate users of a Buildbot instance without knowledge of the victim's login credentials on certain scenarios.

If an attacker has an application authorized to access data of another user at the same Identity Provider as the used by the Buildbot instance, then he can acquire a token to access the data of that user, supply the token to the Buildbot instance and successfully login as the victim.


Discovery 2019-05-07
Entry 2019-06-01
py27-buildbot
py35-buildbot
py36-buildbot
py37-buildbot
lt 2.3.1

https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication
https://github.com/buildbot/buildbot/pull/4763
CVE-2019-12300