Authentication bypass
Buildbot accepts an OAuth authorization token submitted by the user and uses it to authenticate that user. If an attacker holds a token that allows them to read a victim's user details, they can log in as the victim.
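As an added illustration (not Buildbot's own code), the Python mock below contrasts the flawed pattern described above, accepting an OAuth token from the browser and trusting whatever profile it can read, with a login that accepts only an authorization code and redeems it with the application's own client credentials. The provider class, the client credentials and the user names are constructed stand-ins, not values from the page.

```python
import secrets

CLIENT_ID, CLIENT_SECRET = "buildbot", "buildbot-secret"  # hypothetical app credentials
class MockProvider:
    """Stand-in OAuth provider (constructed): issues codes, exchanges them, serves userinfo."""
    def __init__(self):
        self.codes = {}   # code  -> (client it was issued to, user)
        self.tokens = {}  # token -> (client it was issued to, user)
        self.clients = {CLIENT_ID: CLIENT_SECRET, "other-app": "other-secret"}
    def authorize(self, client_id, user):
        """The user consents to `client_id` reading their profile; a one-time code is issued."""
        code = secrets.token_hex(8)
        self.codes[code] = (client_id, user)
        return code
    def exchange(self, code, client_id, client_secret):
        """Code-for-token exchange: only the client the code was issued to may redeem it."""
        owner, user = self.codes.pop(code, (None, None))
        if owner != client_id or self.clients.get(client_id) != client_secret:
            raise PermissionError("code/client mismatch")
        token = secrets.token_hex(8)
        self.tokens[token] = (client_id, user)
        return token
    def userinfo(self, token):
        """Any valid token may read the profile it was issued for; returns (audience, user)."""
        return self.tokens[token]

def login_vulnerable(provider, token):
    """The flawed pattern: trust a token handed over by the browser, log in whoever it names."""
    return provider.userinfo(token)[1]

def login_hardened(provider, code):
    """Accept only a code, redeem it with our own credentials, and check the token's audience."""
    token = provider.exchange(code, CLIENT_ID, CLIENT_SECRET)
    audience, user = provider.userinfo(token)
    if audience != CLIENT_ID:
        raise PermissionError("token was not issued to this application")
    return user

def demo():
    """Constructed scenario: the victim once authorized an unrelated app ("other-app")."""
    p = MockProvider()
    legit = login_hardened(p, p.authorize(CLIENT_ID, "alice"))  # normal login -> "alice"
    foreign = p.exchange(p.authorize("other-app", "victim"), "other-app", "other-secret")
    weak = login_vulnerable(p, foreign)  # -> "victim": logged in on a token Buildbot never obtained
    try:
        strong = login_hardened(p, foreign)
    except PermissionError:
        strong = None  # refused: a foreign token is not a code issued for this client
    return legit, weak, strong
```

The audience check in `login_hardened` is defence in depth: once the server performs the code exchange itself, a token issued to some other application can never enter the login path in the first place.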
CRLF injection
www/resource.py in Buildbot allows CRLF injection into the Location header of /auth/login and /auth/logout via the redirect parameter. This can also affect other websites in the same domain.