All Vulnerability Reports

CVE-2020-5409: Concourse Open Redirect in the /sky/login endpoint


Severity

High

Vendor

Pivotal

Description

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Concourse
    • All versions prior to 6.0.0 unless noted below
    • All versions prior to 5.2.8
    • All 5.3.x versions
    • All 5.4.x versions
    • All 5.5.x versions prior to 5.5.10
    • All 5.6.x versions
    • All 5.7.x versions
    • All 5.8.x versions prior to 5.8.1

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

  • Concourse
    • 5.2.8
    • 5.5.10
    • 5.8.1
    • 6.0.0

Credit

mik317 of HackerOne

References

History

2020-05-13: Initial vulnerability report published.