CVE-2020-5415

Concourse's GitLab auth allows impersonation

CVSS 10 CRITICALEPSS 1.2%CWE-290

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 10EPSS 1.2%KEV nãoPoC —Patch —

Lifecycle

12 Aug 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Affected products

VMware Tanzu · Concourse

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj https://tanzu.vmware.com/security/cve-2020-5415