Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
CWE-1385
Vulnerability Title
Gitpod 访问控制错误漏洞
Vulnerability Description
Gitpod是一个开源的 Kubernetes 应用程序,用于自动化和即用型代码开发环境,可融入您现有的工作流程。 Gitpod存在安全漏洞,该漏洞源于存在一个跨站WebSocket劫持(CSWSH)漏洞,攻击者利用该漏洞可以从工作区中提取数据,从而完全接管工作区。
CVSS Information
N/A
Vulnerability Type
N/A