PT-2023-24012 · Gitpod · Gitpod
Govulnbot · Published 2023-06-05 · Updated 2023-06-10
CVE-2023-32766
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Gitpod versions prior to 2022.11.3
Description
The issue allows for XSS because redirection can occur for some protocols outside of the trusted set of three, which includes vscode:, vscode-insiders:, and jetbrains-gateway:.
Recommendations
For versions prior to 2022.11.3, update to version 2022.11.3 or later to resolve the issue.
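The scheme allowlist that the description refers to can be enforced as in the following added example, which is not Gitpod's code and not part of the advisory. The helper name `safeRedirectTarget` and the sample inputs are constructed for illustration; only the three scheme names come from the advisory text.

```javascript
// Added example: strict allowlist for the scheme of a redirect target.
// Only the three scheme names are taken from the advisory; the rest is assumed.
const TRUSTED_SCHEMES = new Set([
  "vscode:",
  "vscode-insiders:",
  "jetbrains-gateway:",
]);

// Hypothetical helper. Returns the normalized URL string when the target's
// scheme is in the trusted set, otherwise null (caller must not redirect).
function safeRedirectTarget(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // Parse with the WHATWG URL parser, the same algorithm browsers use.
    // It strips leading/trailing whitespace, drops embedded tabs/newlines and
    // lowercases the scheme, so the check sees what the browser would see.
    url = new URL(raw);
  } catch {
    return null; // relative or malformed input: no absolute scheme to trust
  }
  // Exact match on the parsed scheme. Prefix or substring tests on the raw
  // string are what let look-alike or obfuscated schemes through.
  return TRUSTED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Constructed sample inputs (not from the advisory).
const SAMPLES = [
  "vscode://example.test/open",
  "VSCODE-INSIDERS://x/y",
  "jetbrains-gateway://connect",
  "javascript:alert(1)",
  " JavaScript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<b>x</b>",
  "vscode-insiders.evil:payload",
  "/relative/path",
];

for (const s of SAMPLES) {
  const verdict = safeRedirectTarget(s) === null ? "BLOCK" : "ALLOW";
  console.log(verdict, JSON.stringify(s));
}
```

The check returns the parsed `href` rather than the raw input, so the value that reaches the redirect is the same one that was validated.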
Fix
XSS
Affected Products
Gitpod