CVE-2023-0957: Gitpod | Trust Center
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim's credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, or to a full takeover of the workspace.
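A server-side Origin allow-list applied to the WebSocket handshake, which is the restriction the description above says was missing. This is an added example, not Gitpod's code; `ALLOWED_ORIGINS`, the `app.example.test` host, the function names and the choice to reject requests with no Origin are assumptions.

```javascript
// Added example: Origin allow-list check for a WebSocket upgrade request.
// ALLOWED_ORIGINS and all header values below are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Normalise an Origin header to scheme://host[:port]; return null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  // A genuine Origin header has no credentials, path, query or fragment.
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== "/") return null;
  return url.origin; // host lower-cased, default port dropped
}

// Decide whether to accept the handshake. The browser attaches the victim's
// cookies no matter which site opened the socket, so the Origin check has to
// pass before any cookie-based session is honoured.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket") {
    return { accept: false, status: 400, reason: "not a websocket upgrade" };
  }
  const origin = normalizeOrigin(headers["origin"]);
  if (origin === null) {
    // Assumption: this endpoint only serves browser clients, so no Origin = reject.
    return { accept: false, status: 403, reason: "missing or malformed Origin" };
  }
  // Exact match only: suffix or substring matching would let
  // https://app.example.test.attacker.example through.
  if (!allowed.has(origin)) {
    return { accept: false, status: 403, reason: "origin not allowed" };
  }
  return { accept: true, status: 101, reason: "ok" };
}

// Constructed handshake headers: same-site page, cross-site page, look-alike host.
const samples = [
  { upgrade: "websocket", origin: "https://app.example.test", cookie: "session=x" },
  { upgrade: "websocket", origin: "https://attacker.example", cookie: "session=x" },
  { upgrade: "websocket", origin: "https://app.example.test.attacker.example" },
];
for (const h of samples) console.log(h.origin, "->", checkUpgrade(h).status);
```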
Welcome to Gitpod’s Trust Center. Gitpod takes a central position in the software development lifecycle. As such, the security of our product is paramount; not only at runtime, but also as we build and deliver Gitpod. Use this Trust Center to learn about our security posture and request full access to our security documentation.
GDPR
SOC 2
Used by security-focused companies
Amazon
GitLab
freeCodeCamp
Factorial
Astrato
RedwoodJS
Vizlib
Shares
Vulnerability Assessment Report
Data Processing Agreement
Business Continuity Policy
Data Classification Policy
General Incident Response Policy
Information Security Policy
Software Development Lifecycle
Vulnerability Management Policy