CVE-2019-3792

HIGH7.5EPSS 0.32%

Pivotal Concourse SQL Injection Vulnerability

發布日:2022/2/15修改日:2023/11/8

描述

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.

受影響套件(1)

Go/github.com/concourse/concoursefrom 0, < 5.0.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-3792
WEBhttps://github.com/concourse/concourse/blob/master/release-notes/v5.0.1.md#v501-note-1
WEBhttps://github.com/concourse/concourse/commit/dc3d15ab6c3a69890c9985f9c875d4c2949be727
WEBhttps://pivotal.io/security/cve-2019-3792