Lucene search
VmwareCVELIST:CVE-2022-31683HistoryDec 19, 2022 - 12:00 a.m.
CVE-2022-31683
2022-12-1900:00:00
vmware
www.cve.org
concourse
authorization bypass
security issue
team scope
resource access
0.001 Low
EPSS
Percentile
23.5%
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
CNA Affected
[
{
"vendor": "n/a",
"product": "Concourse",
"versions": [
{
"version": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9)",
"status": "affected"
}
]
}
]Related
veracode
veracode
Authorization Bypass
2022-12-20 06:06:49
prion
prion
Authorization
2022-12-19 16:15:00
osv
osv
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
2022-10-19 20:26:05
CVE-2022-31683
2022-12-19 16:15:11
BIT-concourse-2022-31683
2024-03-06 10:50:52
nvd
nvd
CVE-2022-31683
2022-12-19 16:15:11
cve
cve
CVE-2022-31683
2022-12-19 16:15:11
github
github