CVE-2025-55750
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bitbucket | bitbucket | * |
| gitpod | gitpod_classic | * |
| gitpod | gitpod_classic_enterprise | * |
| gitpod | gitpod | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Gitpod Classic's OAuth integration with Bitbucket allowed a crafted link to expose a valid Bitbucket access token via the URL fragment when clicked by an authenticated user. It occurred because of how Bitbucket returned tokens and how Gitpod handled the OAuth redirect flow. The issue was limited to Bitbucket integrations, required user interaction, and did not affect GitHub or GitLab integrations. The exposure of the token could lead to unauthorized access to the user's Bitbucket resources. The vulnerability was fixed by improving redirect handling and OAuth logic in version main-gha.33628 and later. [1]
How can this vulnerability impact me?
The vulnerability impacts the confidentiality of Bitbucket access tokens by potentially exposing them in URL fragments when a user clicks a crafted link. This could allow attackers to obtain valid access tokens and access the user's Bitbucket resources without authorization. However, exploitation requires user interaction (clicking the malicious link), no special privileges are needed, and the attack complexity is low. The vulnerability does not affect integrity or availability, and there is no evidence of exploitation so far. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for OAuth redirect URLs containing Bitbucket access tokens in URL fragments, especially when users click on crafted links. Since the vulnerability exposes tokens via URL fragments during OAuth redirects, inspecting browser history or network logs for URLs with access tokens in fragments can help. Additionally, reviewing OAuth callback requests for unexpected or malformed state parameters or nonce mismatches may indicate exploitation attempts. However, no specific detection commands are provided in the resources. [1]
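The answer above suggests reviewing OAuth callback requests for state parameters that do not match what was issued. One caveat a defender should keep in mind: a URL fragment (everything after `#`) is never sent to the server, so server-side logs cannot show a token that leaked in a fragment; what the server does see is the callback query string, and that is where a state check can be applied. The following Python is an added illustration written for this page, not Gitpod's, Bitbucket's or the fix's actual code. It shows two generic defensive checks: a callback validator that binds a single-use `state` to the session and only honours an allowlisted relative redirect target, and a scanner that runs over constructed web-server log lines and flags callback hits whose `state` was never issued. The hostname `example.test`, the path `/auth/bitbucket/callback`, the `next` parameter, the allowlist and every log line are assumptions constructed for the example.

```python
"""Illustrative OAuth callback checks (added example; not Gitpod's or Bitbucket's code).

1. validate_callback(): rejects a callback whose `state` does not match the
   single-use value bound to the session, and refuses any post-login redirect
   that is not a relative path on a fixed allowlist.
2. find_state_mismatches(): scans constructed access-log lines for callback
   requests carrying a `state` that was never issued (the "state mismatch"
   signal mentioned in the detection advice).

Paths, parameter names, hostnames and log lines are all constructed assumptions.
"""
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlsplit

ALLOWED_NEXT_PATHS = ("/workspaces", "/dashboard")  # assumed allowlist
CALLBACK_PATH = "/auth/bitbucket/callback"          # assumed callback route


def issue_state(session: dict) -> str:
    """Generate a fresh, unguessable state value and bind it to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def validate_callback(url: str, session: dict) -> tuple:
    """Validate an OAuth callback URL against the caller's session.

    Returns (ok, reason_or_redirect). Anything after '#' is a fragment and is
    never sent to the server, so this check can only cover the query string.
    """
    parts = urlsplit(url)
    if parts.path != CALLBACK_PATH:
        return False, "unexpected callback path"
    query = parse_qs(parts.query)
    state = query.get("state", [""])[0]
    expected = session.pop("oauth_state", None)  # single use: consume it now
    if not expected or not hmac.compare_digest(state, expected):
        return False, "state mismatch"
    if "code" not in query:
        return False, "missing authorization code"
    nxt = query.get("next", ["/dashboard"])[0]
    # Only an allowlisted relative path may be the post-login redirect; anything
    # with a scheme or host (an open redirect) or off the list is refused.
    if urlsplit(nxt).netloc or nxt not in ALLOWED_NEXT_PATHS:
        return False, "redirect target not allowed"
    return True, nxt


LOG_RE = re.compile(r'"GET (?P<target>\S+) HTTP/\d\.\d" (?P<status>\d{3})')


def find_state_mismatches(log_lines, issued_states) -> list:
    """Return request targets of callback hits whose state was never issued."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != CALLBACK_PATH:
            continue
        state = parse_qs(parts.query).get("state", [""])[0]
        if state not in issued_states:
            hits.append(m.group("target"))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Aug/2025:10:00:01 +0000] "GET /auth/bitbucket/callback?code=abc&state=s-good-1 HTTP/1.1" 302',
    '10.0.0.9 - - [29/Aug/2025:10:00:07 +0000] "GET /auth/bitbucket/callback?code=abc&state=s-forged HTTP/1.1" 302',
    '10.0.0.5 - - [29/Aug/2025:10:00:09 +0000] "GET /dashboard HTTP/1.1" 200',
]
ISSUED_STATES = {"s-good-1", "s-good-2"}  # constructed: states the app handed out

if __name__ == "__main__":
    session = {}
    state = issue_state(session)
    print(validate_callback(
        f"https://example.test{CALLBACK_PATH}?code=xyz&state={state}&next=/workspaces", session))
    print(find_state_mismatches(SAMPLE_LOG, ISSUED_STATES))
```

Because the state is popped from the session on first use, a replayed callback fails even with the correct value, and an absolute `next` such as `https://evil.test/` is refused regardless of state. In a real deployment the issued-state set would be the application's own session store rather than a constant.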
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Gitpod Classic or Gitpod Classic Enterprise to version main-gha.33628 or later, where the vulnerability is fixed. After updating, revoke Gitpod's OAuth access tokens in Bitbucket by visiting Bitbucket's Authorized Applications page, revoking Gitpod's access, and then signing back in to generate new tokens. There are no reliable workarounds without patching, so applying the update and token revocation is essential. [1]