CVE-2019-12300

Name: CVE-2019-12300
Creator: NVD / NIST
Published: 2019-05-23T15:30:12.623+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.82%

Last modified Jun 17, 2026

CVE-2019-12300 is a vulnerability of currently unknown severity. Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.. EPSS estimates a 1.82% chance of exploitation in the next 30 days.

Description

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.

Metrics

EPSS Probability

1.82%

76.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Buildbot	Buildbot	< 1.8.2
Buildbot	Buildbot	>= 2.0.0, < 2.3.1

References

Timeline

Published: May 23, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-12300?

How severe is CVE-2019-12300?

Severity scoring for CVE-2019-12300 is pending analysis. The EPSS model estimates a 1.82% probability of exploitation in the next 30 days.

How do I fix CVE-2019-12300?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-12300?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST