MEDIUM🇬🇧 English

CVE-2022-31683

CVSS 5.4v3.1pub. 2022-12-19upd. 2025-04-16

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Pivotal Software Concourse

    APP
    Pivotal Software
    6.0.0 – 6.7.9 (bez)7.0.0 – 7.8.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-5415CRITICAL10.0ten sam produkt

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnera...

CVE-2018-15798HIGH7.6ten sam produkt

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A r...

CVE-2018-1227HIGH7.5ten sam produkt

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer o...

CVE-2020-5409MEDIUM6.1ten sam produkt

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A r...

CVE-2019-3792MEDIUM6.8ten sam produkt

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource ca...

CVE-2022-31683 — MEDIUM 5.4 | CVEbaza.pl