Eugeny

**Name of the Vulnerable Software and Affected Versions** Warpgate versions prior to 0.23.3 **Description** The SSO flow fails to validate the `state` parameter. This allows an attacker to trick a user into logging into an account controlled by the attacker, which could lead the user to perform sensitive actions, such as writing sensitive data to an SSH target or logging into an HTTP target configured by the attacker. **Recommendations** Update to version 0.23.3.