CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15798

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.5%

CVSS Severity

CVSS v3 Score 7.6

CVSS v2 Score 5.8

References

https://pivotal.io/security/cve-2018-15798
https://pivotal.io/security/cve-2018-15798

Products affected by CVE-2018-15798

Pivotal Software » Concourse » Version: 4.0.0

cpe:2.3:a:pivotal_software:concourse:4.0.0
Pivotal Software » Concourse » Version: 4.1.0

cpe:2.3:a:pivotal_software:concourse:4.1.0
Pivotal Software » Concourse » Version: 4.2.0

cpe:2.3:a:pivotal_software:concourse:4.2.0
Pivotal Software » Concourse » Version: 4.2.1

cpe:2.3:a:pivotal_software:concourse:4.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15798

Products

Pricing

Contact Us