Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2020-5415
Concourse, versions before 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have...
Pivotal Software Concourse
5
CVSSv2
CVE-2019-11284
Pivotal Reactor Netty, versions before 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Pivotal Reactor Netty
5
CVSSv2
CVE-2019-3803
Pivotal Concourse, all versions before 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.
Pivotal Software Concourse
5
CVSSv2
CVE-2018-1227
Pivotal Concourse after 2018-03-05 might allow remote malicious users to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source pr...
Pivotal Software Concourse
6.5
CVSSv2
CVE-2016-6656
An issue exists in Pivotal Greenplum prior to 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access...
Pivotal Software Greenplum
5.8
CVSSv2
CVE-2018-15798
Pivotal Concourse Release, versions 4.x before 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access t...
Pivotal Software Concourse
5
CVSSv2
CVE-2014-9494
RabbitMQ prior to 3.4.0 allows remote malicious users to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
Pivotal Software Rabbitmq
4.9
CVSSv2
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x before 0.9.5, and versions 0.8.x before 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to fo...
Pivotal Reactor Netty
4.3
CVSSv2
CVE-2020-5426
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted th...
Vmware Pivotal Scheduler
5
CVSSv2
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the malicious user to read privileged data.
Pivotal Software Concourse
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »