Gitpod
by Gitpod Io
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55750 | | Med | 0.35 | 6.5 | 0.00 | | Aug 29, 2025 | Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via… |
| CVE-2024-21583 | | Med | 0.20 | 4.1 | 0.01 | | Jul 19, 2024 | Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/p… |
| CVE-2023-0957 | | | 0.00 | — | 0.00 | | Mar 3, 2023 | An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is… |
| CVE-2021-35206 | | | 0.00 | — | 0.01 | | Jun 22, 2021 | Gitpod before 0.6.0 allows unvalidated redirects. |