Kwetsbaarheid CVE-2019-3803

Pivotal Concourse, All Versions Prior To 4.2.2, Puts The User Access Token In A Url During The Login Flow. A Remote Attacker Who Gains Access To A User's Browser History Could Obtain The Access Token And Use It To Authenticate As The User.

Algemeen

CVE
CVE-2019-3803
Leverancier(s) betrokken
Omschrijving
Pivotal Concourse, All Versions Prior To 4.2.2, Puts The User Access Token In A Url During The Login Flow. A Remote Attacker Who Gains Access To A User's Browser History Could Obtain The Access Token And Use It To Authenticate As The User.
Publicatie
Vrijdag, 11 Januari 2019
Gewijzigd
Maandag, 28 Januari 2019 23:00
Ernst
Medium

Referenties

Modificatie geschiedenis

Geef hieronder je email adres op en word op de hoogte gehouden van aanpassingen aan deze CVE