Miggo Logo

CVE-2018-15798: Pivotal Concourse Open Redirect in Login Flow

5.4

CVSS Score
3.1

Basic Information

EPSS Score
0.70315%
Published
2/15/2022
Updated
10/2/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/concourse/concoursego< 5.2.85.2.8
github.com/concourse/concoursego>= 5.3.0, < 5.5.105.5.10
github.com/concourse/concoursego>= 5.6.0, < 5.8.15.8.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diff shows a critical change in the Redirect handler where redirectURL.Path was replaced with redirectURL.EscapedPath(). This indicates the original Path usage didn't properly escape user-controlled redirect targets, enabling open redirects. The CVE description explicitly mentions the oAuth redirect vulnerability in the login flow handled by this component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Pivot*l *on*ours* R*l**s*, v*rsions *.x prior to *.*.*, lo*in *low *llows r**ir**ts to untrust** w**sit*s. * r*mot* un*ut**nti**t** *tt**k*r *oul* *onvin** * us*r to *li*k on * link usin* t** o*ut* r**ir**t link wit* *n untrust** w**sit* *n* **in ***

Reasoning

T** *ommit *i** s*ows * *riti**l ***n** in t** R**ir**t **n*l*r w**r* `r**ir**tURL.P*t*` w*s r*pl**** wit* `r**ir**tURL.*s**p**P*t*()`. T*is in*i**t*s t** ori*in*l `P*t*` us*** *i*n't prop*rly *s**p* us*r-*ontroll** r**ir**t t*r**ts, *n**lin* op*n r*