35 matches found
EUVD-2020-26583
Malware in sbrugna...
EUVD-2019-13429
Malware in sbrugna...
EUVD-2022-0811
Malicious code in bioql PyPI...
EUVD-2022-0931
Malicious code in bioql PyPI...
BIT-CONCOURSE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
Pivotal Concourse SQL Injection Vulnerability
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...
Pivotal Concourse Open Redirect in Login Flow
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
GHSA-4FQX-74RV-638W Pivotal Concourse SQL Injection Vulnerability
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...
GHSA-9689-RX4V-CQGC Pivotal Concourse Open Redirect in Login Flow
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
Code injection
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409
Pivotal Concourse suffers an open redirect in the login flow (OAuth redirect) that can be exploited to trick a user into visiting an untrusted site and potentially obtain that user’s access token. Affected: most Concourse versions before 6.0.0. Root cause: login flow redirects to untrusted websit...
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...
Sql injection
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...
CVE-2019-3792
Concourse 5.0.0 is affected by an SQL injection in its API where a version identifier can carry payloads to the server, enabling reading of privileged data. Public sources (NVD entry for CVE-2019-3792 and multiple advisories) confirm the vulnerability lies in the API handling the version paramete...
CVE-2019-3792 Concourse 5.0.0 SQL Injection vulnerability
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...
Pivotal Concourse Token Disclosure Vulnerability
Pivotal Concourse is a software delivery control system for continuous development from Pivotal Software. A security vulnerability exists in Pivotal Concourse versions prior to 4.2.2, which originates when the program places a user's access token in a URL. A remote attacker can exploit this...