CVE-2018-1227

Name of the Vulnerable Software and Affected Versions Pivotal Concourse versions after 2018-03-05

Description The issue affects Pivotal Concourse, potentially allowing remote attackers to have an unspecified impact if a customer obtained the software from a DNS domain no longer controlled by Pivotal. The original domain for the Concourse CI open source project has been registered by an unknown actor and is no longer the official website. Customers who accessed the "concourse-dot-ci" domain after March 6, 2018, 18:00:00 EST, might be affected.

Recommendations For versions after 2018-03-05, immediately begin using the concourse-ci.org domain instead of "concourse-dot-ci" for downloads. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub.