CVE-2019-3792

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0560%

EPSS Percentile19.22th

Published2019年4月1日

Last Modified2024年11月21日

Vulnerability Description

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.

Affected Platforms (CPE)

📦

Pivotal Software

Concourse

< 5.0.1

References & Advisories

🔗 https://pivotal.io/security/cve-2019-3792

相關漏洞威脅

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2018-157987.6

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticate...

CVE-2018-12277.5

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concours...

CVE-2020-54096.1

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticate...