CVE-2020-5409
7.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Summary
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Concourse | unspecified < 5.2.8 | affected |
| Pivotal | Concourse | unspecified < 5.5.10 | affected |
| Pivotal | Concourse | unspecified < 5.8.1 | affected |
| Pivotal | Concourse | unspecified < 6.0.0 | affected |
Weaknesses
- CWE-601: CWE-601: Open Redirect
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.