Security Advisory

CVE-2022-31683

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-19 00:00:00

Last updated 2025-04-16 13:57:09

Assigner vmware

State PUBLISHED

Description

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.

← Browse all CVEs View on cve.org ↗