Vulnerability-Lookup

CVE-2020-5415 (GCVE-0-2020-5415)

Vulnerability from cvelistv5 – Published: 2020-08-12 16:40 – Updated: 2024-09-16 17:53

Title

Concourse's GitLab auth allows impersonation

Summary

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.

Severity ?

10 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

pivotal

References

URL

	Vendor	Product	Version
	VMware Tanzu	Concourse	Affected: 6.4 , < 6.4.1 (custom) Affected: 6.3 , < 6.3.1 (custom)

GSD-2020-5415

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5415

Aliases

CVE-2020-5415

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5415",
    "description": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.",
    "id": "GSD-2020-5415"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5415"
      ],
      "details": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.",
      "id": "GSD-2020-5415",
      "modified": "2023-12-13T01:22:03.885149Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@pivotal.io",
        "DATE_PUBLIC": "2020-08-12T02:35:17.000Z",
        "ID": "CVE-2020-5415",
        "STATE": "PUBLIC",
        "TITLE": "Concourse\u0027s GitLab auth allows impersonation"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Concourse",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.4",
                          "version_value": "6.4.1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.3",
                          "version_value": "6.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "VMware Tanzu"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 10,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-290: Authentication Bypass by Spoofing"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
            "refsource": "CONFIRM",
            "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
          },
          {
            "name": "https://tanzu.vmware.com/security/cve-2020-5415",
            "refsource": "CONFIRM",
            "url": "https://tanzu.vmware.com/security/cve-2020-5415"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003cv6.3.1 || \u003e=v6.4.0 \u003cv6.4.1",
          "affected_versions": "All versions before 6.3.1, all versions starting from 6.4.0 before 6.4.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-290",
            "CWE-937"
          ],
          "date": "2020-08-19",
          "description": "Concourse, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.",
          "fixed_versions": [
            "v6.3.1",
            "v6.4.1"
          ],
          "identifier": "CVE-2020-5415",
          "identifiers": [
            "CVE-2020-5415",
            "GHSA-627p-rr78-99rj"
          ],
          "not_impacted": "All versions starting from 6.3.1, all versions starting from 6.4.1",
          "package_slug": "go/github.com/concourse/concourse",
          "pubdate": "2020-08-12",
          "solution": "Upgrade to version 6.3.1, 6.4.1 or above",
          "title": "Authentication Bypass by Spoofing",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5415"
          ],
          "uuid": "c21465b4-ebdd-4cc1-a676-ce203279df36",
          "versions": [
            {
              "commit": {
                "sha": "0db34b4844310c2c2a85ff32d7d22011066798fb",
                "tags": [
                  "v6.4.0"
                ],
                "timestamp": "20200715204345"
              },
              "number": "v6.4.0"
            },
            {
              "commit": {
                "sha": "01d9f3324ecde63d7f648122620bc17e45323f9a",
                "tags": [
                  "v6.4.1"
                ],
                "timestamp": "20200730192304"
              },
              "number": "v6.4.1"
            },
            {
              "commit": {
                "sha": "427db2dc7141dd1909125d33c121c789831c49f0",
                "tags": [
                  "v6.3.1"
                ],
                "timestamp": "20200730222113"
              },
              "number": "v6.3.1"
            }
          ]
        },
        {
          "affected_range": "=6.4.0||=6.3.0",
          "affected_versions": "Version 6.4.0, version 6.3.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-290",
            "CWE-937"
          ],
          "date": "2021-12-20",
          "description": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.",
          "fixed_versions": [
            "6.4.1",
            "6.4.1"
          ],
          "identifier": "CVE-2020-5415",
          "identifiers": [
            "GHSA-627p-rr78-99rj",
            "CVE-2020-5415"
          ],
          "not_impacted": "All versions before 6.4.0, all versions after 6.4.0, all versions before 6.3.0, all versions after 6.3.0",
          "package_slug": "go/github.com/concourse/dex",
          "pubdate": "2021-12-20",
          "solution": "Upgrade to versions 6.4.1, 6.4.1 or above.",
          "title": "Authentication Bypass by Spoofing",
          "urls": [
            "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5415",
            "https://tanzu.vmware.com/security/cve-2020-5415",
            "https://github.com/advisories/GHSA-627p-rr78-99rj"
          ],
          "uuid": "4b18761a-e775-4514-8d91-801e63ccd1ce"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.1",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "ID": "CVE-2020-5415"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-290"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2020-5415",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5415"
            },
            {
              "name": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.8
        }
      },
      "lastModifiedDate": "2020-08-19T14:04Z",
      "publishedDate": "2020-08-12T17:15Z"
    }
  }
}

GHSA-627P-RR78-99RJ

Vulnerability from github – Published: 2021-12-20 17:56 – Updated: 2025-07-22 16:13

Summary

GitLab auth uses full name instead of username as user ID, allowing impersonation

Details

Impact

Installations which use the GitLab auth connector are vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another GitLab user who is granted access to a Concourse team by having their full name listed under users in the team configuration or given to the --gitlab-user flag.

See the GitLab auth docs for details.

Concourse installations which do not configure the GitLab auth connector are not affected.

Patches

Concourse v6.3.1 and v6.4.1 were both released with a fix on August 4th, 2020.

Both versions change the GitLab connector to use the username, rather than the full name. This was always the intent, and the previous behavior was originally reported as a bug (concourse/dex#7) prior to being reported as a security issue.

Any Concourse teams which configure GitLab users will have to switch each user from their full name to their username upon upgrading to these versions.

Workarounds

GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.

References

concourse/dex#12: PR with the fix

For more information

If you have any questions or comments about this advisory, you may reach us privately at concourseteam+security@gmail.com.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/concourse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.4.0"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6.4.0"
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.3.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/concourse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.1"
            },
            {
              "fixed": "6.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/dex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.4.0"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6.4.0"
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 6.3.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/dex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            },
            {
              "fixed": "6.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/dex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20200730150203-821b48abfd88"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/concourse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20200730151558-b00d1c8d8576"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/concourse/concourse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            },
            {
              "fixed": "1.6.1-0.20200730151558-b00d1c8d8576"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-24T17:56:03Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nInstallations which use the GitLab auth connector are vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another GitLab user who is granted access to a Concourse team by having their full name listed under `users` in the team configuration or given to the `--gitlab-user` flag.\n\nSee the [GitLab auth docs](https://concourse-ci.org/gitlab-auth.html) for details.\n\nConcourse installations which do not configure the GitLab auth connector are not affected.\n\n### Patches\n\nConcourse [v6.3.1](https://github.com/concourse/concourse/releases/tag/v6.3.1) and [v6.4.1](https://github.com/concourse/concourse/releases/tag/v6.4.1) were both released with a fix on August 4th, 2020.\n\nBoth versions change the GitLab connector to use the username, rather than the full name. This was always the intent, and the previous behavior was originally reported as a bug (concourse/dex#7) prior to being reported as a security issue.\n\nAny Concourse teams which configure GitLab users will have to switch each user from their full name to their username upon upgrading to these versions.\n\n### Workarounds\n\nGitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.\n\n### References\n\n* concourse/dex#12: PR with the fix\n\n### For more information\n\nIf you have any questions or comments about this advisory, you may reach us privately at [concourseteam+security@gmail.com](mailto:concourseteam+security@gmail.com).",
  "id": "GHSA-627p-rr78-99rj",
  "modified": "2025-07-22T16:13:01Z",
  "published": "2021-12-20T17:56:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5415"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2020-5415"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GitLab auth uses full name instead of username as user ID, allowing impersonation"
}

FKIE_CVE-2020-5415

Vulnerability from fkie_nvd - Published: 2020-08-12 17:15 - Updated: 2024-11-21 05:34

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Summary

References

URL	Tags
security@pivotal.io	https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj	Patch, Third Party Advisory
security@pivotal.io	https://tanzu.vmware.com/security/cve-2020-5415	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tanzu.vmware.com/security/cve-2020-5415	Third Party Advisory

Impacted products

	Vendor	Product	Version
	pivotal_software	concourse	*
	pivotal_software	concourse	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D808A55-A17A-4DB6-BBA0-5D7166BD2755",
              "versionEndExcluding": "6.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D28012E-8883-447B-92A0-478ABCF19AF8",
              "versionEndExcluding": "6.4.1",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
    },
    {
      "lang": "es",
      "value": "Concourse, versiones anteriores a 6.3.1 y 6.4.1, en instalaciones que utilizan el conector de autenticaci\u00f3n de GitLab, es vulnerable a la suplantaci\u00f3n de identidad mediante la configuraci\u00f3n de una cuenta de GitLab con el mismo nombre completo que otro usuario al que se le concede acceso a un equipo de Concourse. Los grupos de GitLab no tienen esta vulnerabilidad, por lo que los usuarios de GitLab pueden ser movidos a grupos que luego son configurados en el equipo de Concourse"
    }
  ],
  "id": "CVE-2020-5415",
  "lastModified": "2024-11-21T05:34:07.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@pivotal.io",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-12T17:15:12.633",
  "references": [
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2020-5415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2020-5415"
    }
  ],
  "sourceIdentifier": "security@pivotal.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "security@pivotal.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

bit-concourse-2020-5415

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:51

Modified

2025-05-20 10:02

Summary

Concourse's GitLab auth allows impersonation

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "concourse",
        "purl": "pkg:bitnami/concourse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.1"
            },
            {
              "introduced": "6.4.0"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5415"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.",
  "id": "BIT-concourse-2020-5415",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:51:03.790Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2020-5415"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5415"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Concourse\u0027s GitLab auth allows impersonation"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5415 (GCVE-0-2020-5415)

GSD-2020-5415

GHSA-627P-RR78-99RJ

Impact

Patches

Workarounds

References

For more information

FKIE_CVE-2020-5415

bit-concourse-2020-5415

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature