CVE-2020-5409

HIGH Year: 2020
CVSS v3 Score
7.6
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)

Related Vulnerabilities

CVE-2024-51321

HIGH
CVSS:7.6(High)

In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication.

CWE-6012024

CVE-2019-6781

HIGH
CVSS:7.5(High)

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to i...

CWE-6012019

CVE-2020-24554

HIGH
CVSS:7.5(High)

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by m...

CWE-6012020

CVE-2023-49240

HIGH
CVSS:7.5(High)

Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.

CWE-6012023

CVE-2024-4773

HIGH
CVSS:7.5(High)

When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affect...

CWE-6012024

CVE-2016-0928

HIGH
CVSS:7.4(High)

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct p...

CWE-6012016