5 matches found
GO-2026-5922 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder
Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder...
GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...
GO-2026-5918 Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing in github.com/coder/coder
Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing in github.com/coder/coder...
GO-2026-5915 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder...
GO-2025-3938 Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder
Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder...