Lucene search
K

76 matches found

OSV
OSV
added last week3 views

GHSA-8W27-C4VC-88Q9 Concourse login flow has an open redirect issue

Impact An attacker is able to craft and send a user a URL that will redirect the user from the Concourse web server to any other site. This could be used in a phishing attack to steal user's credentials. Patches This has been fixed in 8.2.3 Workarounds None. Exploit Vulnerable code was in:...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55209

Name of the Vulnerable Software and Affected Versions Concourse versions prior to 8.2.3 Description An open redirect issue exists in the login flow. An attacker can craft a URL that redirects users from the Concourse web server to an external site, which could be utilized in phishing attacks to...

5.9AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.10 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.4CVSS7AI score0.00446EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2453

Malware in sbrugna...

10CVSS8.9AI score0.01217EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-26583

Malware in sbrugna...

7.6CVSS6.9AI score0.00907EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13429

Malware in sbrugna...

7.5CVSS6.2AI score0.00642EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-11861

Malware in sbrugna...

7.5CVSS7.6AI score0.01234EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0811

Malicious code in bioql PyPI...

7.5CVSS7AI score0.01091EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0931

Malicious code in bioql PyPI...

7.6CVSS6.4AI score0.01145EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-7028

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00446EPSS
Exploits1References9
OSV
OSV
added 2024/03/06 10:51 a.m.22 views

BIT-CONCOURSE-2020-5409 Concourse Open Redirect in the /sky/login endpoint

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

7.6CVSS5.8AI score0.00907EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:51 a.m.9 views

BIT-CONCOURSE-2020-5415 Concourse's GitLab auth allows impersonation

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this...

10CVSS9.2AI score0.01217EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:50 a.m.8 views

BIT-CONCOURSE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.4CVSS5.5AI score0.00446EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/08/30 12:0 a.m.24 views

Security Update for Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that...

9.8CVSS9.2AI score0.02391EPSS
Exploits0References2
Veracode
Veracode
added 2022/12/20 6:6 a.m.17 views

Authorization Bypass

github.com/concourse/concourse is vulnerable to authorization bypasses. A malicious user is able to send a request with a body including :teamname=team2 to bypass team scope check and gain access to certain resources belong to any other team...

5.4CVSS5.7AI score0.00446EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2022/12/19 4:15 p.m.42 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.4CVSS0.00446EPSS
Exploits1References1
Prion
Prion
added 2022/12/19 4:15 p.m.19 views

Authorization

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.5CVSS5.6AI score0.00446EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/19 12:0 a.m.4 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

7.4AI score0.00446EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/12/19 12:0 a.m.49 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.9AI score0.00446EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.33 views

Concourse 安全漏洞

Concourse is an automated system written in Go by Concourse Open Source. A security vulnerability exists in Concourse versions prior to 7.x.y through 7.8.3 and versions prior to 6.x.y through 6.7.9, which stems from the ability of its users to send a request with a request body...

5.4CVSS5.7AI score0.00446EPSS
Exploits1References2
Rows per page
Query Builder