Lucene search

[email protected]CVE-2023-0957

HistoryMar 03, 2023 - 8:15 a.m.

CVE-2023-0957

2023-03-0308:15:08

CWE-1385

CWE-346

[email protected]

web.nvd.nist.gov

cve-2023-0957

gitpod

websocket

vulnerability

jsonrpc

cross-site websocket hijacking

cswsh

origin header

data extraction

workspace takeover

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace.

Affected configurations

NVD

Node

gitpodgitpodRange<2022.11.2

CPENameOperatorVersion
gitpod:gitpodgitpodlt2022.11.2

CPE	Name	Operator	Version
gitpod:gitpod	gitpod	lt	2022.11.2

CNA Affected

[
  {
    "product": "Gitpod",
    "vendor": "Gitpod",
    "versions": [
      {
        "lessThan": "2022.11.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=default&orgId=71ccd717-aa2d-4a1e-942e-c768d37e9e0c&tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d

github.com/gitpod-io/gitpod/commit/12956988eec0031f42ffdfa3bdc3359f65628f9f

github.com/gitpod-io/gitpod/commit/673ab6856fa04c13b7b1f2a968e4d090f1d94e4f

github.com/gitpod-io/gitpod/pull/16378

github.com/gitpod-io/gitpod/pull/16405

github.com/gitpod-io/gitpod/releases/tag/release-2022.11.2

snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/