CVE-2018-1227
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a "concourse-dot-ci" domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub.
Timeline
- 2017-12-06 CVE Reserved
- 2018-03-13 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-23 EPSS Updated
References (1)
URL | Date | SRC |
---|---|---|
https://pivotal.io/security/cve-2018-1227 | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Pivotal Software | Concourse | >= 3.9.2 | - | Affected |