3 matches found
CVE-2018-15798
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2018-15798 Pivotal Concourse allows malicious redirect urls on login
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2018-15798
CVE-2018-15798 affects Pivotal Concourse (4.x) prior to 4.2.2. The login flow allows redirects to untrusted websites via the OAuth redirect, enabling an unauthenticated attacker to entice a user to click a link and obtain that user’s Concourse access token. Root cause is an open redirect in the l...