Pivotal_software Concourse
7 CVEs affecting Pivotal_software Concourse. Latest disclosed: 2022-12-19. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-5415 | Critical | 10.0 | 2020-08-12 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a… |
| CVE-2018-15798 | High | 7.6 | 2018-12-19 | Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a u… |
| CVE-2018-1227 | High | 7.5 | 2018-03-13 | Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain… |
| CVE-2019-3792 | Medium | 6.8 | 2019-04-01 | Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL… |
| CVE-2020-5409 | Medium | 6.1 | 2020-05-14 | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a u… |
| CVE-2022-31683 | Medium | 5.4 | 2022-12-19 | Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team… |
| CVE-2019-3803 | Medium | 4.5 | 2019-01-12 | Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow. A remote attacker who gains access to a user's brows… |