Go modules package
github.com/concourse/dex
pkg:golang/github.com/concourse/dex
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-5415 | Cri | 10.0 | >= 6.4.0, < 6.4.1 | 6.4.1 | Aug 12, 2020 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not ha |
- affected >= 6.4.0, < 6.4.1fixed 6.4.1
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not ha