CVE-2019-3803
Pivotal Concourse prior to version 4.2.2 exposes the user access token in the login URL. This URL leakage enables a remote attacker with access to a user’s browser history to obtain the token and authenticate as that user. Affected product: Concourse (all versions before 4.2.2). Root cause: token...