Vulnerabilities > Pivotal Software > Concourse > 6.2.0

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-31683 Unspecified vulnerability in Pivotal Software Concourse
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue.
network
low complexity
pivotal-software
5.4
2020-08-12 CVE-2020-5415 Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team.
network
low complexity
pivotal-software CWE-290
critical
10.0
2018-03-13 CVE-2018-1227 Unspecified vulnerability in Pivotal Software Concourse
Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal.
network
low complexity
pivotal-software
7.5