Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-32766

Published: 05/06/2023 Updated: 09/06/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Gitpod

Vulnerability Summary

Gitpod prior to 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).

Vulnerable Product Search on Vulmon Subscribe to Product

gitpod gitpod

References

CWE-79https://github.com/gitpod-io/gitpod/releases/tag/2022.11.3https://github.com/gitpod-io/gitpod/pull/17559https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=default&tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34dhttps://github.com/gitpod-io/gitpod/compare/release-2022.11.2...2022.11.3https://www.gitpod.iohttps://github.com/gitpod-io/gitpod/commit/6771283c3406586e352337675b79ff2ca50f191bhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook