Google Monorail
By the Year
In 2024 there have been 0 vulnerabilities in Google Monorail . Monorail did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 5.30 |
It may take a day or so for new Monorail vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Monorail Security Vulnerabilities
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability
CVE-2018-10099
5.3 - Medium
- November 20, 2018
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.
Session Riding
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability
CVE-2018-19334
5.3 - Medium
- November 20, 2018
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
Session Riding
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability
CVE-2018-19335
5.3 - Medium
- November 20, 2018
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Google Monorail or by Google? Click the Watch button to subscribe.
