Cross-Site Scripting Vulnerability in Gitpod by Gitpod.io
CVE-2023-32766

6.1MEDIUM

Key Information:

Vendor: Gitpod
Status: Gitpod
Vendor: CVE Published:; 5 June 2023

What is CVE-2023-32766?

A vulnerability in Gitpod allows Cross-Site Scripting (XSS) due to improper handling of protocol redirection. Specifically, versions of Gitpod prior to 2022.11.3 expose users to XSS attacks as redirection can occur to protocols outside of the predefined trusted set, which includes vscode:, vscode-insiders:, and jetbrains-gateway:. This could permit malicious actors to exploit the system and compromise user security by injecting harmful scripts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.gitpod.io

https://github.com/gitpod-io/gitpod/commit/6771283c340658...

https://github.com/gitpod-io/gitpod/compare/release-2022....

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 5, 2023
Vulnerability Reserved
May 15, 2023

JSON

Gitpod

What is CVE-2023-32766?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.