{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T13:42:36.681","vulnerabilities":[{"cve":{"id":"CVE-2019-3803","sourceIdentifier":"security_alert@emc.com","published":"2019-01-12T00:29:00.197","lastModified":"2024-11-21T04:42:34.370","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user."},{"lang":"es","value":"Pivotal Concourse, en todas las versiones anteriores a la 4.2.2, coloca el token de acceso del usuario en una URL durante el flujo de inicio de sesión. Un atacante remoto que consiga acceder al historial de navegación de un usuario podría obtener el token de acceso y emplearlo para autenticarse como dicho usuario."}],"metrics":{"cvssMetricV30":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"9F8F1A77-17D9-4FC5-92DC-5CC20BC303F8"}]}]}],"references":[{"url":"https://pivotal.io/security/cve-2019-3803","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://pivotal.io/security/cve-2019-3803","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}