All the vulnerabilites related to coder - coder
cve-2024-27918
Vulnerability from cvelistv5
Published
2024-03-06 20:25
Modified
2024-08-05 18:06
Severity ?
EPSS score ?
Summary
Coder's OIDC authentication allows email with partially matching domain to register
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf | x_refsource_CONFIRM | |
| https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0 | x_refsource_MISC | |
| https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31 | x_refsource_MISC | |
| https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb | x_refsource_MISC | |
| https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:coder:coder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.7.3",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.8.4",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:35:12.740858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:06:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.8.0, \u003c 2.8.4"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.3"
},
{
"status": "affected",
"version": "\u003c 2.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder\u0027s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user\u0027s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\n\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T20:25:24.601Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"source": {
"advisory": "GHSA-7cc2-r658-7xpf",
"discovery": "UNKNOWN"
},
"title": "Coder\u0027s OIDC authentication allows email with partially matching domain to register"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27918",
"datePublished": "2024-03-06T20:25:24.601Z",
"dateReserved": "2024-02-28T15:14:14.213Z",
"dateUpdated": "2024-08-05T18:06:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-58437
Vulnerability from cvelistv5
Published
2025-09-06 02:30
Modified
2025-09-08 16:45
Severity ?
EPSS score ?
Summary
Coder's privilege escalation vulnerability could lead to a cross workspace compromise
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp | x_refsource_CONFIRM | |
| https://github.com/coder/coder/pull/19667 | x_refsource_MISC | |
| https://github.com/coder/coder/pull/19668 | x_refsource_MISC | |
| https://github.com/coder/coder/pull/19669 | x_refsource_MISC | |
| https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276 | x_refsource_MISC | |
| https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0 | x_refsource_MISC | |
| https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T16:45:07.417468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T16:45:15.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.24.4"
},
{
"status": "affected",
"version": "\u003e= 2.25.0, \u003c 2.25.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via coder_workspace_owner.session_token. Prebuilt workspaces are initially owned by a built-in prebuilds system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the prebuilds user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. This is fixed in versions 2.24.4 and 2.25.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-279",
"description": "CWE-279: Incorrect Execution-Assigned Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277: Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T02:30:08.378Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp"
},
{
"name": "https://github.com/coder/coder/pull/19667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/pull/19667"
},
{
"name": "https://github.com/coder/coder/pull/19668",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/pull/19668"
},
{
"name": "https://github.com/coder/coder/pull/19669",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/pull/19669"
},
{
"name": "https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276"
},
{
"name": "https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0"
},
{
"name": "https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a"
}
],
"source": {
"advisory": "GHSA-j6xf-jwrj-v5qp",
"discovery": "UNKNOWN"
},
"title": "Coder\u0027s privilege escalation vulnerability could lead to a cross workspace compromise"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58437",
"datePublished": "2025-09-06T02:30:08.378Z",
"dateReserved": "2025-09-01T20:03:06.532Z",
"dateUpdated": "2025-09-08T16:45:15.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}