Monorail Google Monorail

stack.watch can email you when security vulnerabilities are reported in Google Monorail. You can add multiple products that you use with Monorail to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in Google Monorail . Monorail did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 3 5.30

It may take a day or so for new Monorail vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Google Monorail Security Vulnerabilities

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability

CVE-2018-10099 5.3 - Medium - November 20, 2018

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.

CVE-2018-10099 can be explotited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

352

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability

CVE-2018-19334 5.3 - Medium - November 20, 2018

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.

CVE-2018-19334 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

352

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability

CVE-2018-19335 5.3 - Medium - November 20, 2018

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.

CVE-2018-19335 can be explotited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

352