Unvalidated Redirects Vulnerability in Gitpod by Gitpod.io
CVE-2021-35206

6.1MEDIUM

Key Information:

Vendor

Gitpod

Status
Gitpod
Vendor
CVE Published:
22 June 2021

What is CVE-2021-35206?

The vulnerability in Gitpod prior to version 0.6.0 involves unvalidated redirects, potentially enabling attackers to redirect users to unauthorized locations. Such flaws can lead to phishing attacks, data breaches, and compromise secure user sessions. It is essential for users to update to the patched version to mitigate these risks and secure their environments.

References

https://github.com/gitpod-io/gitpod/pull/2879
x_refsource_MISC
https://github.com/gitpod-io/gitpod/pull/2879#issuecommen...
x_refsource_MISC
https://github.com/gitpod-io/gitpod/pull/4567
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-35206 : Unvalidated Redirects Vulnerability in Gitpod by Gitpod.io