PT-2018-14923 · Google · Google Monorail
Publicado
2018-11-20
·
Atualizado
2018-12-18
·
CVE-2018-19334
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Google Monorail versions prior to 2018-05-04
Description
The issue allows for a Cross-Site Search (XS-Search) due to CSV downloads being affected by CSRF. Additionally, calculations of download times for requests with an unsupported axis can be used to obtain sensitive information about the content of bug reports.
Recommendations
For versions prior to 2018-05-04, update to a version released after 2018-05-04 to resolve the issue.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Google Monorail