Skip to main content

Concourse

7 CVEs product

Monthly

CVE-2022-31683 Go MEDIUM POC PATCH This Month

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Concourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-5415 Go CRITICAL PATCH Act Now

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Authentication Bypass Concourse
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2020-5409 MEDIUM This Month

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Concourse
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-3792 Go HIGH PATCH This Week

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Concourse
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-3803 HIGH This Week

Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concourse
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-15798 Go MEDIUM PATCH This Month

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Concourse
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-1227 HIGH This Week

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concourse
NVD
CVSS 3.0
7.5
EPSS
1.2%
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Concourse
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Authentication Bypass Concourse
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Concourse
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Concourse
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concourse
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Concourse
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concourse
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy