CVE-2019-3792
Concourse 5.0.0 is affected by an SQL injection in its API where a version identifier can carry payloads to the server, enabling reading of privileged data. Public sources (NVD entry for CVE-2019-3792 and multiple advisories) confirm the vulnerability lies in the API handling the version paramete...