VYPR

Go modules package

github.com/concourse/dex

pkg:golang/github.com/concourse/dex

Vulnerabilities (1)

  • CVE-2020-5415CriAug 12, 2020
    affected >= 6.4.0, < 6.4.1fixed 6.4.1

    Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not ha