CVE-2019-3792
6.8
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Concourse | All < v5.0.1 | affected |
Weaknesses
- CWE-89: CWE-89: SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.