CVE-2018-15798

Summary

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

Affected Software

VendorProductVersion RangeStatus
PivotalConcourse4.x < 4.2.2affected

Weaknesses

  • Open Redirect

ADP Enrichment

CVE Program Container

Additional References

References