Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:HPivotal Software Concourse
APPPivotal Software< 5.0.1
Related vulnerabilities
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnera...
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A r...
Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer o...
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse ...
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A r...