3 matches found
CVE-2020-5415
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this...
CVE-2020-5415
CVE-2020-5415 affects Concourse when using the GitLab authentication connector. Versions prior to 6.3.1 and 6.4.1 are vulnerable to identity spoofing by configuring a GitLab account whose full name matches another user granted access to a Concourse team, allowing impersonation. GitLab groups are ...
CVE-2020-5415 Concourse's GitLab auth allows impersonation
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this...