52 matches found
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
Cross site scripting
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
CVE-2023-0957 describes a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in Gitpod versions prior to release-2022.11.2.16. The issue arises because the Origin header is not restricted, allowing an attacker to initiate WebSocket connections to the Gitpod JSONRPC server using a victim’s crede...
Gitpod Access Control Error Vulnerability
Gitpod is an open source Kubernetes application for automated and ready-to-use code development environments that can be integrated into your existing workflow. Gitpod contains a Cross-Site WebSocket Hijacking (CSWSH) vulnerability, which can be...
CVE-2021-35206
Gitpod before 0.6.0 allows unvalidated redirects...
CVE-2021-35206
Gitpod before 0.6.0 allows unvalidated redirects...
Design/Logic Flaw
Gitpod before 0.6.0 allows unvalidated redirects...
CVE-2021-35206
Gitpod before 0.6.0 contains an unvalidated-redirect vulnerability. Affected software: Gitpod prior to version 0.6.0. Root cause: unvalidated redirects. Impact and exploit status are not elaborated beyond the CVE description; remediation is to upgrade to 0.6.0 or newer where the issue is addresse...
CVE-2021-35206
Gitpod before 0.6.0 allows unvalidated redirects...
Gitpod Input Validation Error Vulnerability
Gitpod is an open source Kubernetes application for automated and ready-to-use code development environments that can be integrated into your existing workflow. A security vulnerability exists in Gitpod versions prior to 0.6.0 that allows unauthenticated redirection...