Untrusted Website Redirect Vulnerability in Pivotal Concourse Release 4.x prior to 4.2.2

Untrusted Website Redirect Vulnerability in Pivotal Concourse Release 4.x prior to 4.2.2

CVE-2018-15798 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

Learn more about our Web App Pen Testing.