Buildbot OAuth Authentication Vulnerability

The exploit of the day today is a vulnerability affecting the popular continuous integration tool Buildbot.

CVE: CVE-2019-12300

Links:

https://buildbot.net/

https://www.python.org/dev/buildbot/

https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication

https://github.com/buildbot/buildbot/commit/8dd63f494af50ce58b0a8d79ad7eff2b25ca3460

The vulnerability was found and reported by Phillip Kuhrt and affects the OAuth authentication feature used in Buildbot.

Buildbot is used by several larger software projects and organizations, such as:

Monero

utah.edu

wxpython

React OS

llvm

Openslide

Openwrt

The vulnerability allows third parties to authenticate to a Buildbot instance as a legitimate user.

The vulnerability is officially described as the following:

If an attacker has an application authorized to access data of another user at the same Identity Provider as the one used by the Buildbot instance, then he can acquire a token to access the data of that user, supply the token to the Buildbot instance and successfully log in as the victim.

If you are using OAuth in any of your applications, we recommend that you verify the implementation of it.

A better validation of tokens has been implemented in commit 8dd63f494af50ce58b0a8d79ad7eff2b25ca3460.
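To make the flaw class concrete, here is an added example that is not Buildbot's code and does not reproduce the fixing commit. It models the scenario from the official description with a constructed toy identity provider: a login handler that trusts an access token handed to it by the browser will accept any token the provider ever issued, including one obtained by a different application. The hardened handler only accepts an authorization code, redeems it with its own client credentials, verifies the `state` it issued (an assumption about the surrounding flow, not something the advisory discusses), and confirms via introspection that the token's audience is this application. All names (`ToyIdentityProvider`, `ci-server`, `other-app`, the users) are constructed for the demonstration.

```python
# Added example (not Buildbot's code): the token-acceptance flaw behind
# CVE-2019-12300, modelled against a constructed toy identity provider.
import secrets


class ToyIdentityProvider:
    """Constructed stand-in for an OAuth2 identity provider.
    Every code and token it issues is bound to one client (application)."""

    def __init__(self):
        self._clients = {}  # client_id -> client_secret
        self._codes = {}    # authorization code -> (client_id, user)
        self._tokens = {}   # access token -> (client_id, user)

    def register_client(self, client_id, client_secret):
        self._clients[client_id] = client_secret

    def authorize(self, client_id, user):
        """User consents to `client_id`; provider hands back a one-time code."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, user)
        return code

    def exchange_code(self, code, client_id, client_secret):
        """Token endpoint: only the client the code was issued to can redeem it."""
        entry = self._codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("code not issued to this client")
        if self._clients.get(client_id) != client_secret:
            raise PermissionError("bad client credentials")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = entry
        return token

    def userinfo(self, token):
        """Typical /userinfo: answers for any live token, whatever its audience."""
        if token not in self._tokens:
            raise PermissionError("unknown token")
        return self._tokens[token][1]

    def tokeninfo(self, token):
        """Introspection: reports which client the token belongs to."""
        if token not in self._tokens:
            raise PermissionError("unknown token")
        client_id, user = self._tokens[token]
        return {"client_id": client_id, "user": user}


def vulnerable_login(idp, request_args):
    """Flawed pattern: a token supplied by the browser is taken as proof of
    identity, so a token issued to *any* application passes."""
    token = request_args.get("token")
    if token is None:
        raise PermissionError("no token")
    return idp.userinfo(token)


def hardened_login(idp, client_id, client_secret, session, request_args):
    """Fixed pattern: never accept a token from the client. Accept only an
    authorization code bound to our own state, redeem it with our own
    credentials, and confirm the resulting token's audience is us."""
    if request_args.get("state") != session.get("oauth_state"):
        raise PermissionError("state mismatch")
    code = request_args.get("code")
    if code is None:
        raise PermissionError("no authorization code")
    token = idp.exchange_code(code, client_id, client_secret)
    info = idp.tokeninfo(token)
    if info["client_id"] != client_id:
        raise PermissionError("token issued to another application")
    return info["user"]


def demo():
    """Replays the advisory's scenario; returns the outcome of each login."""
    idp = ToyIdentityProvider()
    idp.register_client("ci-server", "ci-secret")     # the Buildbot-like app
    idp.register_client("other-app", "other-secret")  # a different registered app

    # Legitimate login: alice authorizes ci-server, which redeems the code itself.
    session = {"oauth_state": secrets.token_urlsafe(8)}
    code = idp.authorize("ci-server", "alice")
    legit = hardened_login(idp, "ci-server", "ci-secret", session,
                           {"state": session["oauth_state"], "code": code})

    # The victim authorized other-app, so other-app holds a token for the victim.
    code = idp.authorize("other-app", "victim")
    foreign_token = idp.exchange_code(code, "other-app", "other-secret")

    # Flawed handler: the foreign token is enough to be logged in as the victim.
    via_vulnerable = vulnerable_login(idp, {"token": foreign_token})

    # Hardened handler: the token field is ignored and a code issued to
    # other-app cannot be redeemed by ci-server.
    foreign_code = idp.authorize("other-app", "victim")
    try:
        hardened_login(idp, "ci-server", "ci-secret", session,
                       {"state": session["oauth_state"], "code": foreign_code,
                        "token": foreign_token})
        via_hardened = "accepted"
    except PermissionError as exc:
        via_hardened = "rejected: " + str(exc)
    return {"legit": legit, "vulnerable": via_vulnerable, "hardened": via_hardened}


if __name__ == "__main__":
    print(demo())
```

The point to check in your own OAuth integration is the one the hardened handler enforces: the application itself must obtain the token (by redeeming a code with its own client secret) and must treat the token's audience as part of the identity assertion; a token presented by the user is not evidence that it was issued to your application.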