Phillip Kuhrt

**Name of the Vulnerable Software and Affected Versions** Buildbot versions prior to 1.8.2 Buildbot versions 2.x prior to 2.3.1 **Description** The issue allows an attacker to login as a victim if they have a token that permits them to read the victim's user details. This is possible because Buildbot accepts and uses user-submitted authorization tokens from OAuth for authentication. **Recommendations** For Buildbot versions prior to 1.8.2, update to version 1.8.2 or later. For Buildbot versions 2.x prior to 2.3.1, update to version 2.3.1 or later.