VYPR

Bitnami package

concourse

pkg:bitnami/concourse

Vulnerabilities (3)

  • CVE-2022-31683 (Dec 19, 2022)
    affected >= 6.0.0, < 6.7.9; fixed 6.7.9

    Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with a body including :team_name=team2 to bypass the team scope check and gain access to certain resources belonging to any other team.

  • CVE-2020-5415 (Aug 12, 2020)
    affected < 6.3.1; fixed 6.3.1

    Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not ha

  • CVE-2020-5409 (May 13, 2020)
    affected < 5.2.8; fixed 5.2.8

    Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access toke