cve-2024-27918
Vulnerability from cvelistv5
Published
2024-03-06 20:25
Modified
2024-08-05 18:06
Severity ?
EPSS score ?
Summary
Coder's OIDC authentication allows email with partially matching domain to register
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:coder:coder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.7.3",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.8.4",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:35:12.740858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:06:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.8.0, \u003c 2.8.4"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.3"
},
{
"status": "affected",
"version": "\u003c 2.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder\u0027s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user\u0027s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\n\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T20:25:24.601Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"source": {
"advisory": "GHSA-7cc2-r658-7xpf",
"discovery": "UNKNOWN"
},
"title": "Coder\u0027s OIDC authentication allows email with partially matching domain to register"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27918",
"datePublished": "2024-03-06T20:25:24.601Z",
"dateReserved": "2024-02-28T15:14:14.213Z",
"dateUpdated": "2024-08-05T18:06:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-27918\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-21T02:52:20.863\",\"lastModified\":\"2024-03-21T12:58:51.093\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder\u0027s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user\u0027s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\\n\\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.\"},{\"lang\":\"es\",\"value\":\"Coder permite a las organizaciones aprovisionar entornos de desarrollo remotos a trav\u00e9s de Terraform. Antes de las versiones 2.6.1, 2.7.3 y 2.8.4, una vulnerabilidad en la autenticaci\u00f3n OIDC de Coder pod\u00eda permitir a un atacante eludir la verificaci\u00f3n `CODER_OIDC_EMAIL_DOMAIN` y crear una cuenta con un correo electr\u00f3nico que no estaba en la lista de permitidos. Las implementaciones solo se ven afectadas si el proveedor de OIDC permite a los usuarios crear cuentas en el proveedor. Durante el registro de OIDC, el correo electr\u00f3nico del usuario se valid\u00f3 incorrectamente con los `CODER_OIDC_EMAIL_DOMAIN`s permitidos. Esto podr\u00eda permitir que un usuario con un dominio que solo coincidiera parcialmente con un dominio permitido inicie sesi\u00f3n o se registre exitosamente. Un atacante podr\u00eda registrar un nombre de dominio que explotara esta vulnerabilidad y registrarse en una instancia de Coder con un proveedor p\u00fablico de OIDC. Las instancias de Coder con OIDC habilitado y protegido por la configuraci\u00f3n `CODER_OIDC_EMAIL_DOMAIN` se ven afectadas. Las instancias de Coder que utilizan un proveedor OIDC privado no se ven afectadas, ya que los usuarios arbitrarios no pueden registrarse a trav\u00e9s de un proveedor OIDC privado sin tener primero una cuenta en el proveedor. Los proveedores p\u00fablicos de OIDC se ven afectados. La autenticaci\u00f3n de GitHub y la autenticaci\u00f3n externa no se ven afectadas. Esta vulnerabilidad se soluciona en las versiones 2.8.4, 2.7.3 y 2.6.1. Todas las versiones anteriores a estos parches se ven afectadas por la vulnerabilidad. *Se recomienda que los clientes actualicen sus implementaciones lo antes posible si utilizan autenticaci\u00f3n OIDC con la configuraci\u00f3n `CODER_OIDC_EMAIL_DOMAIN`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.