Remote Code Execution Risk in Pivotal Concourse CI Software
CVE-2018-1227
What is CVE-2018-1227?
Pivotal Concourse software may allow remote attackers to exploit vulnerabilities if obtained from an outdated DNS domain. Previously, the 'concourse-dot-ci' domain used for downloading Concourse software was compromised and is no longer under the control of Pivotal. Users who downloaded the software from this domain after March 6, 2018, are at risk. It is crucial to switch to the new official domain, concourse-ci.org, to ensure secure access to the software, thus avoiding potential threats associated with the compromised domain.
Affected Version(s)
Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised. Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised.
