First published: Tue Nov 20 2018(Updated: )
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Google Monorail | <2018-06-07 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.