Lucene search
PRIOn knowledge basePRION:CVE-2020-5409HistoryMay 14, 2020 - 12:15 a.m.
Code injection
2020-05-1400:15:00
PRIOn knowledge base
www.prio-n.com
3
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user’s access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)
References
Related
osv
osv
CVE-2020-5409
2020-05-14 00:15:11
BIT-concourse-2020-5409
2024-03-06 10:51:15
Pivotal Concourse Open Redirect in Login Flow
2022-02-15 01:57:18
cvelist
cvelist
CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
2020-05-13 00:00:00
CVE-2018-15798 Pivotal Concourse allows malicious redirect urls on login
2018-12-13 00:00:00
nvd
nvd
CVE-2020-5409
2020-05-14 00:15:11
CVE-2018-15798
2018-12-19 22:29:00
cve
cve
CVE-2020-5409
2020-05-14 00:15:11
CVE-2018-15798
2018-12-19 22:29:00
prion
prion
Design/Logic Flaw
2018-12-19 22:29:00
github
github
Pivotal Concourse Open Redirect in Login Flow
2022-02-15 01:57:18