Lucene search
GoogleOSV:CVE-2020-5409HistoryMay 14, 2020 - 12:15 a.m.
CVE-2020-5409
2020-05-1400:15:11
Google
osv.dev
5
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user’s access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)
References
Related
osv
osv
BIT-concourse-2020-5409
2024-03-06 10:51:15
Pivotal Concourse Open Redirect in Login Flow
2022-02-15 01:57:18
CVE-2018-15798
2018-12-19 22:29:00
cvelist
cvelist
CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
2020-05-13 23:15:17
CVE-2018-15798 Pivotal Concourse allows malicious redirect urls on login
2018-12-19 22:00:00
nvd
nvd
CVE-2020-5409
2020-05-14 00:15:11
CVE-2018-15798
2018-12-19 22:29:00
cve
cve
CVE-2020-5409
2020-05-14 00:15:11
CVE-2018-15798
2018-12-19 22:29:00
prion
prion
Code injection
2020-05-14 00:15:00
Design/Logic Flaw
2018-12-19 22:29:00
github
github
Pivotal Concourse Open Redirect in Login Flow
2022-02-15 01:57:18