Pivotal Software Concourse — known CVE vulnerabilities
Every CVE whose affected-product data names Pivotal Software Concourse, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-5415 — CVSS 10.0 (critical): Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by…
CVE-2018-15798 — CVSS 7.6 (high): Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated…
CVE-2018-1227 — CVSS 7.5 (high): Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse…
CVE-2019-3792 — CVSS 6.8 (medium): Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier…
CVE-2020-5409 — CVSS 6.1 (medium): Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated…
CVE-2022-31683 — CVSS 5.4 (medium): Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with…
CVE-2019-3803 — CVSS 4.5 (medium): Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains…