6.1 CVSS
6.2 AI Score
0.002 EPSS
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim's credentials, because the Origin header is not restricted. This ...
9.6 CVSS
9 AI Score
0.003 EPSS
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).
6.1 CVSS
6 AI Score
0.001 EPSS