Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software concourse vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31683
Concourse (7.x.y before 7.8.3 and 6.x.y before 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
Pivotal Software Concourse
445
VMScore
CVE-2018-1227
Pivotal Concourse after 2018-03-05 might allow remote malicious users to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source pr...
Pivotal Software Concourse
516
VMScore
CVE-2018-15798
Pivotal Concourse Release, versions 4.x before 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access t...
Pivotal Software Concourse
445
VMScore
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the malicious user to read privileged data.
Pivotal Software Concourse
445
VMScore
CVE-2019-3803
Pivotal Concourse, all versions before 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.
Pivotal Software Concourse
516
VMScore
CVE-2020-5409
Pivotal Concourse, most versions before 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access t...
Pivotal Software Concourse
570
VMScore
CVE-2020-5415
Concourse, versions before 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have...
Pivotal Software Concourse
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started