CVE-2020-5409: Concourse Open Redirect in the /sky/login endpoint
23894
13 May 2020
13 May 2020
CLOSED
HIGH
CVE-2020-5409
Severity
High
Vendor
Pivotal
Description
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote, unauthenticated attacker could craft a login link whose OAuth redirect parameter points to a site the attacker controls; a user who clicks it and completes the login is redirected there, exposing that user's Concourse access token to the attacker. (This issue is similar to, but distinct from, CVE-2018-15798.)
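The root cause described above is a redirect target taken from the request and trusted as-is. The following is an added example, not Concourse's own code, showing why a naive prefix check is not enough and how a same-origin-only check looks in Go (Concourse's implementation language). The parameter name `redirect_uri`, the sample targets and the function names are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// naiveRedirectOK is the kind of check an open redirect slips past: it rejects
// only targets that spell out a scheme, so "//evil.example/" (protocol-relative)
// and `/\evil.example` (browsers read "\" as "/") both get through.
func naiveRedirectOK(target string) bool {
	return !strings.HasPrefix(target, "http://") && !strings.HasPrefix(target, "https://")
}

var errForeignRedirect = errors.New("redirect target is not a same-origin path")

// SafeRedirectTarget accepts only a same-origin, absolute-path reference and
// returns it re-serialised from its parsed parts, so nothing but path, query
// and fragment can reach the Location header. Empty means "go to the root".
func SafeRedirectTarget(target string) (string, error) {
	if target == "" {
		return "/", nil
	}
	// Whitespace, control characters and backslashes are never legitimate here
	// and are exactly what browser URL parsers normalise in attacker-friendly
	// ways, so refuse them before parsing.
	if strings.ContainsAny(target, "\\\r\n\t ") {
		return "", errForeignRedirect
	}
	u, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	// Any scheme, authority or opaque part means "somewhere else".
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", errForeignRedirect
	}
	// Must be an absolute path on this origin; a leading "//" would be
	// re-read as an authority by the browser.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return "", errForeignRedirect
	}
	clean := url.URL{Path: u.Path, RawQuery: u.RawQuery, Fragment: u.Fragment}
	return clean.String(), nil
}

func main() {
	// Constructed sample values for a hypothetical "redirect_uri" parameter.
	for _, t := range []string{
		"/teams/main/pipelines/build?foo=bar",
		"//evil.example/steal",
		`/\evil.example`,
		"https://evil.example/",
		"javascript:alert(1)",
		"",
	} {
		safe, err := SafeRedirectTarget(t)
		fmt.Printf("%-40q naive=%-5v hardened=%q err=%v\n", t, naiveRedirectOK(t), safe, err)
	}
}
```

Rebuilding the URL from its parsed path, query and fragment rather than echoing the raw parameter is the point: whatever the browser might have read as an authority or scheme is simply not present in what gets written to the Location header.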
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Concourse
  - All versions prior to 6.0.0 unless noted below:
    - All versions prior to 5.2.8
    - All 5.3.x versions
    - All 5.4.x versions
    - All 5.5.x versions prior to 5.5.10
    - All 5.6.x versions
    - All 5.7.x versions
    - All 5.8.x versions prior to 5.8.1
Mitigation
Users of affected versions should upgrade to one of the following fixed versions:
- Concourse
  - 5.2.8
  - 5.5.10
  - 5.8.1
  - 6.0.0
Credit
mik317 of HackerOne
References
History
2020-05-13: Initial vulnerability report published.