Approved changes feed: RSS · Atom

cpe:2.3:a:vmware_tanzu:concourse:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorVmware Tanzu (da821fa9-004a-54a3-94e4-fdafe5ab01aa)
ProductConcourse (71762782-0161-5723-b9b8-2f9f40fc58b3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-5415 vulnerable 2026-06-08 05:26:42.818566 Concourse's GitLab auth allows impersonation
CRITICAL (10)
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
Published: 2020-08-12T16:40:14.465Z
Updated: 2024-09-16T17:53:07.446Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.