CVE-2019-12300: Authentication bypass
Buildbot accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can log in as the victim.
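The pattern described above, shown beside a hardened handler. This is an added example, not Buildbot's code: `Provider`, `login_vulnerable`, `login_hardened` and the client names `ci-server` and `other-app` are hypothetical, and the provider is a constructed in-memory stand-in with client-secret checks omitted.

```python
import secrets

# Constructed stand-in for an OAuth provider; every name here is hypothetical.
class Provider:
    def __init__(self):
        self.codes = {}    # one-time code -> (client_id, user)
        self.tokens = {}   # access token  -> (client_id, user)

    def authorize(self, client_id, user):
        """User consents to client_id; the provider hands back a one-time code."""
        code = secrets.token_hex(8)
        self.codes[code] = (client_id, user)
        return code

    def exchange(self, client_id, code):
        """Redeem a code; it is only valid for the client it was issued to."""
        issued_to, user = self.codes.pop(code, (None, None))
        if issued_to != client_id:
            raise PermissionError("code not valid for this client")
        token = secrets.token_hex(8)
        self.tokens[token] = (client_id, user)
        return token

    def userinfo(self, token):
        """Returns user details for any valid token, whichever client holds it."""
        return self.tokens[token][1]

APP = "ci-server"  # this application's client_id (assumed name)

def login_vulnerable(provider, params):
    # Flawed: a token supplied in the request is treated as proof of identity.
    token = params.get("token") or provider.exchange(APP, params["code"])
    return provider.userinfo(token)

def login_hardened(provider, params, session_state):
    # Accept only a code, bound to this browser session, redeemed server-side.
    if "token" in params:
        raise PermissionError("client-supplied tokens are not accepted")
    if not secrets.compare_digest(params.get("state", ""), session_state):
        raise PermissionError("state mismatch")
    return provider.userinfo(provider.exchange(APP, params["code"]))
```

The hardened handler relies on the provider binding each code to the client it was issued to, so a token or code obtained by a different application cannot establish a session here.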