Lucene search

CVE-2024-21583

🗓️ 19 Jul 2024 05:10:15Reported by snykType

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122 are vulnerable to Cookie Tossing due to a missing __Host- prefix on the _gitpod_io_jwt2_ session cookie, allowing an adversary to set the cookie value and take specific actions

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
OSV	GHSA-8PGC-65MJ-53H5 github.com/gitpod-io/gitpod vulnerable to Cookie Tossing	19 Jul 202406:31	–	osv
OSV	CVE-2024-21583	19 Jul 202405:15	–	osv
OSV	GO-2024-2997 CVE-2024-21583 in github.com/gitpod-io/gitpod	22 Jul 202418:24	–	osv
Github Security Blog	github.com/gitpod-io/gitpod vulnerable to Cookie Tossing	19 Jul 202406:31	–	github
NVD	CVE-2024-21583	19 Jul 202405:15	–	nvd
Cvelist	CVE-2024-21583	19 Jul 202405:00	–	cvelist
Vulnrichment	CVE-2024-21583	19 Jul 202405:00	–	vulnrichment
Veracode	Cookie Tossing	22 Jul 202420:07	–	veracode

[
  {
    "product": "github.com/gitpod-io/gitpod/components/server/go/pkg/lib",
    "versions": [
      {
        "version": "0",
        "lessThan": "main-gha.27122",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  },
  {
    "product": "github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy",
    "versions": [
      {
        "version": "0",
        "lessThan": "main-gha.27122",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  },
  {
    "product": "github.com/gitpod-io/gitpod/install/installer/pkg/components/auth",
    "versions": [
      {
        "version": "0",
        "lessThan": "main-gha.27122",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  },
  {
    "product": "github.com/gitpod-io/gitpod/install/installer/pkg/components/public-api-server",
    "versions": [
      {
        "version": "0",
        "lessThan": "main-gha.27122",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  },
  {
    "product": "github.com/gitpod-io/gitpod/install/installer/pkg/components/server",
    "versions": [
      {
        "version": "0",
        "lessThan": "main-gha.27122",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  },
  {
    "product": "@gitpod/gitpod-protocol",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.1.5-main-gha.27122",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]

Source	Link
security	www.security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSSERVERGOPKGLIB-7452074
security	www.security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSWSPROXYPKGPROXY-7452075
security	www.security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSPUBLICAPISERVER-7452077
github	www.github.com/gitpod-io/gitpod/commit/da1053e1013f27a56e6d3533aa251dbd241d0155
app	www.app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview
github	www.github.com/gitpod-io/gitpod/pull/19973
security	www.security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSSERVER-7452078
security	www.security.snyk.io/vuln/SNYK-JS-GITPODGITPODPROTOCOL-7452079
security	www.security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSAUTH-7452076

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Jul 2024 05:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS34.1

EPSS0.00091

SSVC