Pivotal Concourse Open Redirect in Login Flow

🗓️ 15 Feb 2022 01:18:57Reported by GitHub Advisory DatabaseType

Pivotal Concourse Open Redirect in Login Flow. Remote attacker redirects user to gain access to access token

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
OSV	GHSA-9689-RX4V-CQGC Pivotal Concourse Open Redirect in Login Flow	15 Feb 202201:57	–	osv
OSV	CVE-2018-15798	19 Dec 201822:29	–	osv
OSV	CVE-2020-5409	14 May 202000:15	–	osv
OSV	BIT-CONCOURSE-2020-5409	6 Mar 202410:51	–	osv
CVE	CVE-2018-15798	19 Dec 201822:29	–	cve
CVE	CVE-2020-5409	14 May 202000:15	–	cve
Cvelist	CVE-2018-15798 Pivotal Concourse allows malicious redirect urls on login	19 Dec 201822:00	–	cvelist
Cvelist	CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint	13 May 202023:15	–	cvelist
Prion	Design/Logic Flaw	19 Dec 201822:29	–	prion
Prion	Code injection	14 May 202000:15	–	prion

Vulners

Node

concourse concourseRange5.6.0–5.8.1

concourse concourseRange5.3.0–5.5.10

concourse concourseRange<5.2.8

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-15798
github	www.github.com/concourse/concourse/pull/5350/commits/38cb4cc025e5ed28764b4adc363a0bbf41f3c7cb
github	www.github.com/concourse/concourse/blob/release/5.2.x/release-notes/v5.2.8.md
pivotal	www.pivotal.io/security/cve-2018-15798
github	www.github.com/advisories/GHSA-9689-rx4v-cqgc

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Feb 2022 01:57Current

5.8Medium risk

Vulners AI Score5.8

CVSS25.8

CVSS35.4 - 7.6

EPSS0.00666

CWE-601