FreeBSD : buildbot -- CRLF injection in Buildbot login and logout redirect code (5536ea5f-6814-11e9-a8f7-0050562a4d7b)

medium Nessus Plugin ID 124353

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A CRLF sequence can be injected into the Location header of /auth/login and /auth/logout. This is due to a lack of input validation in the Buildbot redirection code.

No way was found to impact the security of the Buildbot product itself through this vulnerability, but it could be used to compromise other sites hosted on the same domain as Buildbot.

- Cookie injection on a master domain (i.e., if your Buildbot is on buildbot.buildbot.net, one can inject a cookie on *.buildbot.net, which could impact another website hosted in your domain).

- HTTP response splitting and cache poisoning (browser or proxy) are also typical impacts of this vulnerability class, but might be impractical to exploit.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?04c25f8a

http://www.nessus.org/u?b83c48f8

Plugin Details

Severity: Medium

ID: 124353

File Name: freebsd_pkg_5536ea5f681411e9a8f70050562a4d7b.nasl

Version: 1.4

Type: local

Published: 4/29/2019

Updated: 5/30/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2019-7313

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-buildbot, p-cpe:/a:freebsd:freebsd:py37-buildbot, p-cpe:/a:freebsd:freebsd:py36-buildbot, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:py35-buildbot

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/26/2019

Vulnerability Publication Date: 1/29/2019

Reference Information

CVE: CVE-2019-7313