Pivotal Software Concourse 0.1.0 Release Candidate 1

CPE Details

Pivotal Software Concourse 0.1.0 Release Candidate 1
0.1.0
2019-06-25 15:47 +00:00
2019-06-25 15:47 +00:00

CPE Name: cpe:2.3:a:pivotal_software:concourse:0.1.0:rc1:*:*:*:*:*:*

Information

Vendor: pivotal_software
Product: concourse
Version: 0.1.0
Update: rc1

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2020-5415 | 2020-08-12 16:40 +00:00 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team. | 10 | CRITICAL |
| CVE-2020-5409 | 2020-05-13 23:15 +00:00 | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) | 6.1 | MEDIUM |
| CVE-2019-3792 | 2019-04-01 20:54 +00:00 | Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | 7.5 | HIGH |
| CVE-2019-3803 | 2019-01-12 01:00 +00:00 | Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user. | 7.5 | HIGH |