Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2024/03/06 8:25 p.m.19 views

CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register

Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the...

8.2CVSS6.9AI score0.00965EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/06 8:25 p.m.71 views

CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register

Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the...

8.2CVSS8.5AI score0.00965EPSS
Exploits0References5
CVE
CVE
added 2024/03/06 8:25 p.m.90 views

CVE-2024-27918

Coder’s CVE-2024-27918 describes an OIDC authentication flaw where the CODER_OIDC_EMAIL_DOMAIN verification can be bypassed, allowing registration/login with emails not on the allowlist when using public OIDC providers. Affected are Coder instances with OIDC enabled and domain-based allowlists, w...

8.2CVSS8.3AI score0.00965EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/04 8:45 p.m.26 views

Coder's OIDC authentication allows email with partially matching domain to register

Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider such as publi...

8.2CVSS6.9AI score0.00965EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder