CVE-2019-3792 is a vulnerability in Pivotal Software Concourse
Published on April 1, 2019
Concourse 5.0.0 SQL Injection vulnerability
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2019-3792 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2019-3792
Want to know whenever a new CVE is published for Pivotal Software Concourse? stack.watch will email you.
Affected Versions
Pivotal Concourse:- Version All and below v5.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.