4 matches found
CVE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...
CVE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...
CVE-2022-31683
Concourse (versions 7.x.y before 7.8.3 and 6.x.y before 6.7.9) is vulnerable to an authorization bypass where a user can send a body parameter :team_name to bypass team scope and access resources belonging to other teams. Root cause: HTTP request parsing allowed body parameters to override scope ...
CVE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...