Buildbot · Buildbot · CVE-2019-12300
**Name of the Vulnerable Software and Affected Versions**
Buildbot versions prior to 1.8.2
Buildbot versions 2.x prior to 2.3.1
**Description**
The issue allows an attacker to log in as a victim if the attacker has a token that permits reading the victim's user details. This is possible because Buildbot accepts and uses user-submitted authorization tokens from OAuth for authentication.
**Recommendations**
For Buildbot versions prior to 1.8.2, update to version 1.8.2 or later.
For Buildbot versions 2.x prior to 2.3.1, update to version 2.3.1 or later.