buildbot -- CRLF injection in Buildbot login and logout redirect code
A CRLF can be injected in Location header of /auth/login and /auth/logout
This is due to lack of input validation in the buildbot redirection code.
It was not found a way to impact Buildbot product own security through
this vulnerability, but it could be used to compromise other sites
hosted on the same domain as Buildbot.
- cookie injection a master domain (ie if your buildbot is on
buildbot.buildbot.net, one can inject a cookie on *.buildbot.net,
which could impact another website hosted in your domain)
- HTTP response splitting and cache poisoning (browser or proxy) are
also typical impact of this vulnerability class, but might be impractical
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright