PT-2018-14923 · Google · Google Monorail
Published
2018-11-20
·
Updated
2018-12-18
·
CVE-2018-19334
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Google Monorail versions prior to 2018-05-04
Description
The issue allows for a Cross-Site Search (XS-Search) due to CSV downloads being affected by CSRF. Additionally, calculations of download times for requests with an unsupported axis can be used to obtain sensitive information about the content of bug reports.
Recommendations
For versions prior to 2018-05-04, update to a version released after 2018-05-04 to resolve the issue.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Monorail