CVE-2018-15798 - OpenCVE

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Pivotal Software	Concourse

Configuration 1 [-]

cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*

References

Link	Resource
https://pivotal.io/security/cve-2018-15798	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2018-12-13T00:00:00

Updated: 2018-12-19T21:57:01

Reserved: 2018-08-23T00:00:00

Link: CVE-2018-15798

JSON object: View

NVD Information

Status : Modified

Published: 2018-12-19T22:29:00.547

Modified: 2019-10-09T23:35:54.703

Link: CVE-2018-15798

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"containers": {"cna": {"affected": [{"product": "Concourse", "vendor": "Pivotal", "versions": [{"lessThan": "4.2.2", "status": "affected", "version": "4.x", "versionType": "custom"}]}], "datePublic": "2018-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Open Redirect", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-19T21:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-15798"}], "source": {"discovery": "UNKNOWN"}, "title": "Pivotal Concourse allows malicious redirect urls on login", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-12-13T00:00:00.000Z", "ID": "CVE-2018-15798", "STATE": "PUBLIC", "TITLE": "Pivotal Concourse allows malicious redirect urls on login"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Concourse", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "4.x", "version_value": "4.2.2"}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Open Redirect"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2018-15798", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-15798"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-15798", "datePublished": "2018-12-13T00:00:00", "dateReserved": "2018-08-23T00:00:00", "dateUpdated": "2018-12-19T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F117BA6F-AED5-4345-AECC-45DD11C23708", "versionEndExcluding": "4.2.2", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse."}, {"lang": "es", "value": "Pivotal Concourse Release, en versiones 4.x anteriores a la 4.2.2, el flujo de inicio de sesi\u00f3n permite las redirecciones a sitios web no fiables. Un atacante remoto no autenticado podr\u00eda convencer a un usuario para que haga clic en un enlace mediante el enlace oAuth de redirecci\u00f3n en un sitio web no fiable y obtener acceso al token de acceso de dicho usuario en Concourse."}], "id": "CVE-2018-15798", "lastModified": "2019-10-09T23:35:54.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2018-12-19T22:29:00.547", "references": [{"source": "security_alert@emc.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-15798"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}