3 matches found
CVE-2020-5409
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409
Pivotal Concourse suffers an open redirect in the login flow (OAuth redirect) that can be exploited to trick a user into visiting an untrusted site and potentially obtain that user’s access token. Affected: most Concourse versions before 6.0.0. Root cause: login flow redirects to untrusted websit...