Pivotal Concourse

4 CVEs affecting Pivotal Concourse. Latest disclosed: 2020-05-14. Critical: 0, High: 1.

Top CVEs affecting Pivotal Concourse
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2018-15798 | High | 7.6 | 2018-12-19 | Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a u… |
| CVE-2019-3792 | Medium | 6.8 | 2019-04-01 | Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL… |
| CVE-2020-5409 | Medium | 6.1 | 2020-05-14 | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a u… |
| CVE-2019-3803 | Medium | 4.5 | 2019-01-12 | Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow. A remote attacker who gains access to a user's brows… |