Remote Code Execution Risk in Pivotal Concourse CI Software
CVE-2018-1227

7.5 HIGH

What is CVE-2018-1227?

Pivotal Concourse may expose users to remote attack if the software was obtained from an outdated DNS domain. The 'concourse-dot-ci' domain previously used for downloading Concourse software was compromised and is no longer under the control of Pivotal. Users who downloaded the software from this domain after March 6, 2018, are at risk. Switch to the new official domain, concourse-ci.org, for all downloads to avoid the threats associated with the compromised domain.

Affected Version(s)

Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
