Interactive RCE exploit demo for Eclipse CHE
The /services websocket endpoint in Eclipse CHE adn Theia is vulnerable to cross-site websocket hijacking.
This vulnerability affects Eclipse CHE servers that uses cookie or basic authentication as the websocket
connection doesn’t perform any cross-site checks or in-channel authentication, the browser automatically
includes any credentials when connecting from third-party domains. The attack works just like a cross-site
request forgery attack, except it is much more powerful as it grants an attacker two-way communicaiton.
Read more about CSWSH here: https://portswigger.net/web-security/websockets/cross-site-websocket-hijacking