Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the malicious user to read privileged data.
Pivotal Software Concourse
7.5
CVSSv3
CVE-2019-3803
Pivotal Concourse, all versions before 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.
Pivotal Software Concourse
5.4
CVSSv3
CVE-2018-15798
Pivotal Concourse Release, versions 4.x before 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access t...
Pivotal Software Concourse
6.5
CVSSv3
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to...
Pivotal Software Rabbitmq
1 Github repository
7.5
CVSSv3
CVE-2016-8220
Pivotal Gemfire for PCF, versions 1.6.x before 1.6.5.0 and 1.7.x before 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route.
Pivotal Software Gemfire
7.5
CVSSv3
CVE-2018-1227
Pivotal Concourse after 2018-03-05 might allow remote malicious users to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source pr...
Pivotal Software Concourse
6.1
CVSSv3
CVE-2020-5409
Pivotal Concourse, most versions before 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access t...
Pivotal Software Concourse
7.2
CVSSv3
CVE-2016-6656
An issue exists in Pivotal Greenplum prior to 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access...
Pivotal Software Greenplum
5.4
CVSSv3
CVE-2022-31683
Concourse (7.x.y before 7.8.3 and 6.x.y before 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
Pivotal Software Concourse
10
CVSSv3
CVE-2020-5415
Concourse, versions before 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have...
Pivotal Software Concourse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »