SB2018120404 - Information disclosure in Google Monorail




Published: December 4, 2018

Security Bulletin ID: SB2018120404
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity: Low 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Cross-Site Search (CVE-ID: CVE-2018-10099)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a Cross-Site Search (XS-Search) flaw in CSV downloads. A remote attacker can create a specially crafted HTML page or URL containing duplicated columns, trick the victim into visiting it, and disclose vulnerable source code files and line numbers from private bug reports.

2) Cross-Site Search (CVE-ID: CVE-2018-19334)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a Cross-Site Search (XS-Search) flaw in CSV downloads. A remote attacker can create a specially crafted HTML page or URL containing duplicated columns, trick the victim into visiting it, and disclose vulnerable source code files and line numbers from private bug reports.

3) Cross-Site Search (CVE-ID: CVE-2018-19335)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a Cross-Site Search (XS-Search) flaw in CSV downloads. A remote attacker can create a specially crafted HTML page or URL containing duplicated columns, trick the victim into visiting it, and disclose vulnerable source code files and line numbers from private bug reports.
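
For teams running their own issue tracker with a CSV export, a server-side check that addresses both parts of the request described above (it is triggered cross-site, and it carries duplicated columns) can look like the following. This is an added example, not Monorail code or the vendor's fix; the function names, the space-separated `colspec` format, the column limit and the demo secret are all assumptions.

```python
import hashlib
import hmac

# Assumed values for illustration only; not taken from Monorail.
MAX_COLUMNS = 20
SECRET = b"constructed-demo-secret"


def issue_token(user_id):
    """Per-user token that a same-origin page embeds in its CSV export link.

    A page on another origin cannot read this value, so it cannot build a
    URL that the export handler will accept on the victim's behalf.
    """
    return hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def normalize_columns(colspec):
    """Collapse repeated column names (case-insensitive), keeping order.

    After this step a request that lists one column many times produces
    the same output as a request that lists it once.
    """
    seen, cols = set(), []
    for name in colspec.split():
        key = name.lower()
        if key not in seen:
            seen.add(key)
            cols.append(name)
    if len(cols) > MAX_COLUMNS:
        raise ValueError("too many columns requested")
    return cols


def authorize_csv_export(user_id, token, colspec):
    """Return the columns to export, or raise if the token is not valid."""
    expected = issue_token(user_id).encode()
    supplied = (token or "").encode()
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied, expected):
        raise PermissionError("missing or invalid export token")
    return normalize_columns(colspec)
```
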

Remediation

Install update from vendor's website.