Lucene search
DellCVELIST:CVE-2019-3803HistoryJan 12, 2019 - 1:00 a.m.
CVE-2019-3803 Concourse includes token in CLI authentication callback
2019-01-1201:00:00
CWE-200
dell
www.cve.org
1
CVSS3
4.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.003
Percentile
70.7%
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user’s browser history could obtain the access token and use it to authenticate as the user.
CNA Affected
[
{
"product": "Concourse",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Improper access control
2019-01-12 00:29:00
osv
osv
CVE-2019-3803
2019-01-12 00:29:00
cve
cve
CVE-2019-3803
2019-01-12 01:00:00
nvd
nvd
CVE-2019-3803
2019-01-12 00:29:00
CVSS3
4.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.003
Percentile
70.7%
Related for CVELIST:CVE-2019-3803