Lucene search
K

4 matches found

CVE
CVE
added 6 hours ago12 views

CVE-2026-55429

Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...

8.7CVSS6AI score
Exploits0References6
OSV
OSV
added yesterday4 views

GO-2026-5909 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder...

8.7CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2 days ago8 views

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...

8.7CVSS5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2 days ago3 views

GHSA-9RJW-3GWP-F59V Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...

8.7CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder