Google Monorail
By the Year
In 2021 there have been 0 vulnerabilities in Google Monorail . Monorail did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 3 | 5.30 |
It may take a day or so for new Monorail vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Google Monorail Security Vulnerabilities
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability
CVE-2018-10099
5.3 - Medium
- November 20, 2018
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-10099 can be explotited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
352
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability
CVE-2018-19334
5.3 - Medium
- November 20, 2018
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
352
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability
CVE-2018-19335
5.3 - Medium
- November 20, 2018
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19335 can be explotited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
352