CVE-2019-3792 MEDIUM

CVE-2019-3792: Concourse 5.0.0 SQL Injection vulnerability

Vendor Pivotal

Product Concourse

Weakness CWE-89 · SQLi

Published April 1, 2019

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.

Key dates

02Disclosure timeline

April 1, 2019 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3792 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2019-3792: Concourse 5.0.0 SQL Injection vulnerability

01Description

02Disclosure timeline

03References

04Related CVE