3 matches found
CVE-2023-32766
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three vscode: vscode-insiders: jetbrains-gateway:...
CVE-2023-32766
CVE-2023-32766 affects Gitpod prior to 2022.11.3, where an XSS arises from redirects to non-trusted protocols outside the approved set (vscode:, vscode-insiders:, jetbrains-gateway:). The root cause is improper URL handling that allows attacker-controlled or crafted URLs to redirect a user’s brow...
CVE-2023-32766
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three vscode: vscode-insiders: jetbrains-gateway:...