Impact
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token.
When combined with CVE-2020-6803, an attacker could fully compromise the system.
Patches
The issue has been patched in 0.12.0.
#2446
Workarounds
- Never share your gateway address publicly.
- Never click on links which take you to your gateway, especially to the login page.