2 matches found
Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...
PT-2026-56077
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description An authorization bypass exists in the devcontainer recreate endpoint. The endpoint relied on route...