cvedb.io
CVE-2018-19335
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2018-11-20T09:29:04.553 · Last modified 2026-06-17T01:49:09.467

Summary

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.

Affected products

google — monorail

Does this affect you?

Add your gear to cvedb and we'll alert you only when google ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.