Lucene search
K

106 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS0.00262EPSS
Exploits0References8
NVD
NVD
added 2 days ago6 views

CVE-2026-45796

Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST...

6.5CVSS0.0034EPSS
Exploits0References9
CVE
CVE
added 2 days ago37 views

CVE-2026-46354

Summary: A PKCS#7 signature bypass in Coder (Coder v2 before patches) allows unauthenticated token theft via Azure instance identity. The issue stems from azureidentity.Validate() validating only the signer certificate chain, not the signature itself, enabling forged PKCS#7 envelopes containing a...

9.1CVSS6.1AI score0.00262EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-46354 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS0.00262EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-45796

Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST...

6.5CVSS6.1AI score0.0034EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-45796 Coder vulnerable to unauthenticated SSRF via Azure Instance Identity Endpoint

Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST...

6.5CVSS0.0034EPSS
Exploits0References9
OSV
OSV
added 2 days ago3 views

PYSEC-2026-1209 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

6.8CVSS5.9AI score0.00788EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5169 Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint in github.com/coder/coder

Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint in github.com/coder/coder...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/25 6:26 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:26 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:26 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.7 views

openSUSE 15: azure-cli / azure-cli-core / azure-cli-telemetry / python311-anyio / etc (SUSE-SU-SUSE-RU-2026:2237-2)

"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2026:2237-2 advisory. Changes in azure-cli-core: - Drop CVE-2025-24049 patch, fixed upstream - New upstream release - Version 2.82.0 - For detailed information...

8.4CVSS6.7AI score0.00788EPSS
Exploits0References14
NVD
NVD
added 2026/05/22 11:16 p.m.19 views

CVE-2026-35430

Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00426EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 7:53 p.m.4 views

GHSA-686C-7VGV-V3FX Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint

Summary Unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...

6.5CVSS6.1AI score0.0034EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-42031

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description An unauthenticated semi-blind Server-Side...

6.5CVSS6AI score0.0034EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-42039

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description The azureidentity.Validate function verifie...

9.1CVSS6AI score0.00262EPSS
Exploits0References17
Rows per page
Query Builder