CVE-2022-31683

Published: Dec 19, 2022

Modified: Apr 16, 2025

PUBLISHED

Description

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.

Vendor	Product	Versions
n/a	Concourse	affected `Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9)`

References

https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31683

Description

Affected Products

References