Security Advisory

CVE-2019-3803

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-01-12 01:00:00

Last updated 2024-09-16 20:36:24

Assigner dell

State PUBLISHED

Description

Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a users browser history could obtain the access token and use it to authenticate as the user.

← Browse all CVEs View on cve.org ↗