cpe:2.3:a:pivotal:concourse:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Product | Concourse (3faaba29-db80-56cc-bb3a-eb9cecb07cf9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2020-5409 | vulnerable | 2026-06-03 14:42:56.405279 | Concourse Open Redirect in the /sky/login endpoint<br>HIGH (7.6)<br>Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)<br>Published: 2020-05-13T23:15:17.452Z<br>Updated: 2024-09-17T02:47:32.788Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-3803 | vulnerable | 2026-06-03 14:40:27.551388 | Concourse includes token in CLI authentication callback<br>MEDIUM (4.5)<br>Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.<br>Published: 2019-01-12T01:00:00.000Z<br>Updated: 2024-09-16T20:36:24.722Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-3792 | vulnerable | 2026-06-03 14:40:27.470982 | Concourse 5.0.0 SQL Injection vulnerability<br>MEDIUM (6.8)<br>Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.<br>Published: 2019-04-01T20:54:47.233Z<br>Updated: 2024-09-17T01:46:43.383Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-15798 | vulnerable | 2026-06-03 14:38:19.451594 | Pivotal Concourse allows malicious redirect urls on login<br>HIGH (7.6)<br>Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.<br>Published: 2018-12-19T22:00:00.000Z<br>Updated: 2024-09-17T03:18:08.124Z | Imported from gcve-enriched-dumps CVE data |