PT-2025-35245 · Gitpod

Mirc · Published 2025-08-29 · Updated 2025-08-29 · CVE-2025-55750

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Gitpod versions prior to main-gha.33628

Description: Gitpod, a developer platform for cloud development environments, experienced an issue where OAuth integration with Bitbucket, under specific conditions, could expose a valid Bitbucket access token via the URL fragment when a crafted link was clicked by an authenticated user. This occurred due to the way Bitbucket returned tokens and how Gitpod handled the redirect flow. The issue was limited to Bitbucket integrations and required user interaction.

Recommendations: Update to version main-gha.33628 or later.
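The advisory does not describe Gitpod's actual redirect code, so the following is an added illustration rather than the project's fix: the guard an OAuth callback can apply to a user-supplied "return to" value so that a crafted link cannot steer a token-bearing redirect off-origin. A browser carries a `#fragment` across a 302 redirect whose Location has none, and the server never sees that fragment, so the reliable control is to redirect only to same-origin paths; the names `safeRedirectTarget`, `fragmentCarriesToken` and the origin `https://gitpod.example` are assumptions made for this example.

```javascript
// Added example, not Gitpod's code. Origin and helper names are assumed.
const APP_ORIGIN = "https://gitpod.example";
const TOKEN_PARAMS = ["access_token", "id_token", "refresh_token", "token"];

// Client-side use: true when the fragment (#...) carries an OAuth-style token,
// the shape an implicit-flow provider appends after redirecting back.
function fragmentCarriesToken(urlString) {
  const url = new URL(urlString, APP_ORIGIN);
  const hash = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
  if (!hash) return false;
  const params = new URLSearchParams(hash);
  return TOKEN_PARAMS.some((p) => params.has(p));
}

// Server-side use: resolve a user-supplied returnTo into a safe redirect
// target. Returns the normalised same-origin URL, or null when refused:
// - only paths on APP_ORIGIN are honoured ("//evil.example/x" is off-origin)
// - userinfo is rejected ("https://gitpod.example@evil.example/" tricks)
// - any fragment is dropped, so nothing after "#" is echoed onward;
//   the browser itself re-attaches the provider's fragment, which is
//   exactly why the destination must stay on our own origin.
function safeRedirectTarget(returnTo) {
  if (typeof returnTo !== "string" || returnTo.length === 0) return null;
  let url;
  try {
    url = new URL(returnTo, APP_ORIGIN);
  } catch {
    return null;
  }
  if (url.origin !== APP_ORIGIN) return null;
  if (url.username || url.password) return null;
  if (fragmentCarriesToken(url.href)) return null;
  url.hash = "";
  return url.href;
}
```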

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-55750
GHSA-63FW-3JGP-2P2G

Affected Products

Bitbucket
Gitpod