Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Concourse includes token in CLI authentication callback
Vulnerability Description
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Pivotal Concourse 安全漏洞
Vulnerability Description
Pivotal Concourse是美国Pivotal Software公司一套用于持续开发的软件交付控制系统。 Pivotal Concourse 4.2.2之前版本中存在安全漏洞,该漏洞源于程序将用户的访问令牌放到URL中。远程攻击者可利用该漏洞获取访问令牌并以用户身份通过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A