A CRLF can be injected in Location header of /auth/login and /auth/logout
This is due to lack of input validation in the buildbot redirection code.
It was not found a way to impact Buildbot product own security through
this vulnerability, but it could be used to compromise other sites
hosted on the same domain as Buildbot.
- cookie injection a master domain (ie if your buildbot is on
buildbot.buildbot.net, one can inject a cookie on *.buildbot.net,
which could impact another website hosted in your domain)
- HTTP response splitting and cache poisoning (browser or proxy) are
also typical impact of this vulnerability class, but might be impractical
to exploit.