11 matches found
EUVD-2025-200300
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57850
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57850
CVE-2025-57850 describes a container privilege escalation in CodeReady Workspaces images. The root cause is that the build process creates /etc/passwd with group-writable permissions, enabling a container user (even non-root) to leverage membership in the root group to modify /etc/passwd and add ...
CVE-2025-57850 Codeready-ws: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
EUVD-2020-6509
Malware in sbrugna...
CVE-2020-14368
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...
CVE-2020-14368
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...
Cross site request forgery (csrf)
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...
CVE-2020-14368
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...
CVE-2020-14368
CVE-2020-14368 affects Eclipse Che (versions prior to 7.14.0) when cookie-based authentication is configured, enabling CSRF due to Theia IDE not setting SameSite correctly and enabling a cross-site WebSocket hijack on the /services endpoint. Attack scenario involves MITM and tricking the user int...
Moderate: Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release
Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...