Moderate severity · NVD Advisory · Published Dec 19, 2022 · Updated Apr 16, 2025
CVE-2022-31683
Description
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request whose body includes :team_name=team2 to bypass the team scope check and gain access to certain resources belonging to any other team.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/concourse/concourse (Go) | < 6.7.9 | 6.7.9 |
| github.com/concourse/concourse (Go) | >= 7.0.0, < 7.8.3 | 7.8.3 |
Affected products (3)
- Concourse/Concourse (description)
- osv-coords (2 versions): >= 6.0.0, < 6.7.9, + 1 more
- (no CPE) range: >= 6.0.0, < 6.7.9
- (no CPE) range: < 6.7.9
References (9)
- github.com/advisories/GHSA-5jp2-vwrj-99rf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-31683 (ghsa, ADVISORY)
- github.com/concourse/concourse/commit/57e06711b0d861775a5a6bd078a34abeb0e2638e (ghsa, WEB)
- github.com/concourse/concourse/commit/ba885834d9bcbb9d1ccb9964faa7af0e78a72205 (ghsa, WEB)
- github.com/concourse/concourse/pull/8566 (ghsa, WEB)
- github.com/concourse/concourse/pull/8580 (ghsa, WEB)
- github.com/concourse/concourse/releases/tag/v6.7.9 (ghsa, WEB)
- github.com/concourse/concourse/releases/tag/v7.8.3 (ghsa, WEB)
- github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf (ghsa, WEB)