CVE-2018-10099

Name of the Vulnerable Software and Affected Versions: Google Monorail versions prior to 2018-04-04

Description: The issue allows for Cross-Site Search (XS-Search) due to CSV downloads being affected by CSRF. Calculations of download times, particularly for requests with duplicated columns, can be exploited to obtain sensitive information about the content of bug reports.

Recommendations: For versions prior to 2018-04-04, update to a version released after 2018-04-04 to resolve the issue. As a temporary workaround, consider restricting access to CSV downloads and implementing CSRF protection measures to minimize the risk of exploitation.