CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-15798

HIGH
7.6
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile41.72th
Published2018年12月19日
Last Modified2024年11月21日

Vulnerability Description

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

Affected Platforms (CPE)

📦
Pivotal Software

Concourse

>= 4.0.0 and < 4.2.2

References & Advisories

🔗 https://pivotal.io/security/cve-2018-15798
🔗 https://pivotal.io/security/cve-2018-15798

関連する脆弱性情報

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2018-12277.5

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concours...

CVE-2019-37926.8

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version id...

CVE-2020-54096.1

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticate...