Pivotal Concourse allows malicious redirect urls on login

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

N/A

N/A

Pivotal Concourse 安全漏洞

Pivotal Concourse是美国Pivotal Software公司一套用于持续开发的软件交付控制系统。 Pivotal Concourse 4.2.2之前的4.x版本中存在安全漏洞。远程攻击者可通过诱使用户点击特制的链接利用该漏洞访问用户在Concourse中的访问令牌。

N/A

N/A