Vulnerabilities > Pivotal Software > Concourse > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-19 | CVE-2022-31683 | Unspecified vulnerability in Pivotal Software Concourse: Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. | 5.4 |
2020-08-12 | CVE-2020-5415 | Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse: Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. | 6.4 |
2020-05-14 | CVE-2020-5409 | Open Redirect vulnerability in Pivotal Software Concourse: Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. | 5.8 |
2019-04-01 | CVE-2019-3792 | SQL Injection vulnerability in Pivotal Software Concourse: Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. | 5.0 |
2019-01-12 | CVE-2019-3803 | Information Exposure vulnerability in Pivotal Software Concourse: Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow. | 5.0 |
2018-12-19 | CVE-2018-15798 | Open Redirect vulnerability in Pivotal Software Concourse: Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. | 5.8 |
2018-03-13 | CVE-2018-1227 | Unspecified vulnerability in Pivotal Software Concourse: Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. | 5.0 |