FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

buildbot -- OAuth Authentication Vulnerability

Affected packages
py27-buildbot < 2.3.1
py35-buildbot < 2.3.1
py36-buildbot < 2.3.1
py37-buildbot < 2.3.1

Details

VuXML ID ada8db8a-8471-11e9-8170-0050562a4d7b
Discovery 2019-05-07
Entry 2019-06-01

Buildbot accepted user-submitted authorization token from OAuth and used it to authenticate user.

The vulnerability can lead to malicious attackers to authenticate as legitimate users of a Buildbot instance without knowledge of the victim's login credentials on certain scenarios.

If an attacker has an application authorized to access data of another user at the same Identity Provider as the used by the Buildbot instance, then he can acquire a token to access the data of that user, supply the token to the Buildbot instance and successfully login as the victim.

References

CVE Name CVE-2019-12300
URL https://github.com/buildbot/buildbot/pull/4763
URL https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication