Back to directory
WRITEUP #1475

Gitpod remote code execution 0-day vulnerability via WebSockets

RCEWebsocketsCross-Site WebSocket Hijacking (CSWH)CloudSamesite cookie bypassAccount takeover
byElliot Ward
Program
Gitpod
Published
Mar 1, 2023
Added to HackDex
Mar 2, 2023
Read Full Writeuphttps://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/
RELATED WRITEUPS
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
CloudRCE
CSWSH Meets LLM Chatbots
AI / LLMLLM
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCEBruteforce
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
RCEOTP bruteforce
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection

Built with ❤️ by Shubham Rawat