www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. References: https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
Created buildbot tracking bugs for this issue: Affects: fedora-all [bug 1672294]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.