VYPR
Moderate severityNVD Advisory· Published Dec 19, 2022· Updated Apr 16, 2025

CVE-2022-31683

CVE-2022-31683

Description

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/concourse/concourseGo
< 6.7.96.7.9
github.com/concourse/concourseGo
>= 7.0.0, < 7.8.37.8.3

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.