CVE-2022-31683 — Vulnetix

CVE-2022-31683 PUBLISHED

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.

EPSS 0.22% · 44.1th percentile

Risk Scores

EPSS Score

0.22%

44.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	concourse	7.0.0, 7.0.0, 6.0.0
Bitnami	concourse	7.0.0, 6.0.0

Timeline

Oct 19, 2022 CVE Published
Dec 20, 2022 EPSS Score
Jan 31, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 13, 2023 EPSS Score
Apr 24, 2023 EPSS Score
Jun 4, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Aug 26, 2023 EPSS Score
Oct 7, 2023 EPSS Score
Nov 17, 2023 EPSS Score
Dec 29, 2023 EPSS Score

References

https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf url
https://nvd.nist.gov/vuln/detail/CVE-2022-31683 url

Open in Interactive Console →