CVE-2021-35206 Information

Jun 07, 2022 cve

Description

Gitpod before 0.6.0 allows unvalidated redirects.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/gitpod-io/gitpod/blob/main/CHANGELOG.md https://github.com/gitpod-io/gitpod/pull/2879#issuecomment-865662372 https://github.com/gitpod-io/gitpod/pull/4567 https://github.com/gitpod-io/gitpod/pull/4567/commits/f78b7d18e509e28e71b65bbd4dfd52c16ca57c18 https://github.com/gitpod-io/gitpod/commit/8ca431f86ae3a6f9a17afcfed51cdd065fcff1a5 https://github.com/gitpod-io/gitpod/pull/2879 https://www.gitpod.io/changelog https://github.com/gitpod-io/gitpod/compare/0.6.0-beta5…0.6.0

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: