Skip to main content

Gitpod

3 CVEs product

Monthly

CVE-2023-32766 Go MEDIUM PATCH This Month

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gitpod
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-0957 CRITICAL PATCH Act Now

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gitpod
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2021-35206 MEDIUM POC PATCH This Month

Gitpod before 0.6.0 allows unvalidated redirects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Gitpod
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gitpod
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gitpod
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Gitpod before 0.6.0 allows unvalidated redirects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Gitpod
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy