CVE-2020-5409: Concourse Open Redirect in the /sky/login endpoint
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click a crafted login link whose OAuth redirect parameter points to an untrusted website, and thereby obtain that user's Concourse access token. (This issue is similar to, but distinct from, CVE-2018-15798.)
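The defensive check at the heart of closing an open redirect of this kind, as an added Go example that is not Concourse's own code: the post-login redirect target supplied by the client is followed only if it is a rooted path on the same origin, and everything else falls back to a default page. The parameter name redirect_uri and the handler around it are assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/url"
	"strings"
)

// SafeRedirect validates a user-supplied post-login redirect target and
// returns the target to use plus whether the input was accepted. Only
// rooted, same-origin paths pass; anything a browser would resolve to a
// foreign origin yields the fallback "/", so a token never leaves the site.
func SafeRedirect(raw string) (string, bool) {
	const fallback = "/"
	if raw == "" {
		return fallback, true
	}
	// Require exactly one leading slash: browsers send "//host", "///host"
	// and "/\host" to another host even though they look like paths.
	if raw[0] != '/' || (len(raw) > 1 && (raw[1] == '/' || raw[1] == '\\')) {
		return fallback, false
	}
	// Backslashes (path confusion) and CR/LF (header injection) are rejected.
	if strings.ContainsAny(raw, "\\\r\n") {
		return fallback, false
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return fallback, false
	}
	return u.String(), true
}

// loginHandler is an assumed, illustrative post-login handler: it follows the
// client's "redirect_uri" only when SafeRedirect accepts it and logs the
// rejection otherwise, which is the signal a defender wants to alert on.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	requested := r.URL.Query().Get("redirect_uri")
	target, ok := SafeRedirect(requested)
	if !ok {
		log.Printf("rejected untrusted redirect_uri %q from %s", requested, r.RemoteAddr)
	}
	http.Redirect(w, r, target, http.StatusFound)
}

func main() {
	http.HandleFunc("/sky/login", loginHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```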
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- All versions prior to 6.0.0 unless noted below
- All versions prior to 5.2.8
- All 5.3.x versions
- All 5.4.x versions
- All 5.5.x versions prior to 5.5.10
- All 5.6.x versions
- All 5.7.x versions
- All 5.8.x versions prior to 5.8.1
Users of affected versions should apply the following mitigation or upgrade:
Credit
mik317 of HackerOne
2020-05-13: Initial vulnerability report published.