CVE-2018-10099

Published Nov 20, 2018

Last updated 4 days ago

Overview

Description
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 3.0

Type
Primary
Base score
5.3
Impact score
3.6
Exploitability score
1.6
Vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-352

Social media

Hype score
Not currently trending

Configurations