PT-2023-24012 · Gitpod · Gitpod
Govulnbot · Published 2023-06-05 · Updated 2023-06-10 · CVE-2023-32766
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gitpod versions prior to 2022.11.3
Description
The issue allows XSS because redirection can occur for some protocols outside the trusted set of three: vscode:, vscode-insiders:, and jetbrains-gateway:.
Recommendations
For versions prior to 2022.11.3, update to version 2022.11.3 or later to resolve the issue.
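The scheme check the description implies, written as an added example that is not Gitpod's code: a redirect target is accepted only if its parsed scheme is one of the three trusted ones. The function names and sample targets are hypothetical and constructed for illustration.

```javascript
// Added example, not Gitpod's implementation. The three schemes come from the
// advisory text; everything else (names, samples) is an assumption.
const TRUSTED_PROTOCOLS = new Set([
  "vscode:",
  "vscode-insiders:",
  "jetbrains-gateway:",
]);

// Returns true only when `target` parses as an absolute URL whose scheme is in
// the trusted set. Parsing with the WHATWG URL parser (rather than a prefix or
// regex match on the raw string) matters: the parser lowercases the scheme and
// strips leading whitespace and embedded tabs/newlines, so the comparison is
// made on the scheme the parser actually resolves.
function isTrustedRedirect(target) {
  if (typeof target !== "string") return false;
  let url;
  try {
    url = new URL(target); // no base URL: relative input throws and is rejected
  } catch {
    return false;
  }
  return TRUSTED_PROTOCOLS.has(url.protocol);
}

// Splits a list of candidate targets into allowed and rejected.
function partitionTargets(targets) {
  const allowed = [];
  const rejected = [];
  for (const t of targets) (isTrustedRedirect(t) ? allowed : rejected).push(t);
  return { allowed, rejected };
}

// Constructed sample inputs.
const SAMPLE_TARGETS = [
  "vscode://vscode-remote/workspace",
  "VSCODE-INSIDERS://vscode-remote/workspace",
  "jetbrains-gateway://connect#x=1",
  "javascript:alert(1)",
  " JavaScript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<b>x</b>",
  "https://example.test/",
  "/workspaces",
];
```
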
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Gitpod