Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
References
Configurations
History
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-11-20 09:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-19335
Mitre link : CVE-2018-19335
CVE.ORG link : CVE-2018-19335
JSON object : View
Products Affected
- monorail
CWE
CWE-352
Cross-Site Request Forgery (CSRF)