AI Score
Confidence
Low
EPSS
Percentile
70.7%
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a userβs browser history could obtain the access token and use it to authenticate as the user.
pivotal.io/security/cve-2019-3803