Cross-Site Search Vulnerability in Google Monorail
CVE-2018-19335

5.3MEDIUM

Key Information:

Vendor

Google
Status
Monorail
Vendor
CVE Published:
20 November 2018

What is CVE-2018-19335?

Google Monorail prior to June 7, 2018, contains a Cross-Site Search vulnerability that exposes CSV downloads to CSRF attacks. This vulnerability could allow malicious users to manipulate download requests by using crafted group-by values, potentially revealing sensitive content from bug reports. Users must remain vigilant to ensure the integrity of their data and protect against unauthorized access.

References

https://www.reddit.com/r/netsec/comments/9yiidf/xssearchi...
x_refsource_MISC
https://medium.com/%40luanherrera/xs-searching-googles-bu...
x_refsource_MISC
https://chromium.googlesource.com/infra/infra/+/e27936ef8...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.