5 matches found
EUVD-2025-29435
Malicious code in bioql PyPI...
GO-2025-3921 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder...
GHSA-3RW9-WMC8-8948 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token
Summary If users log in to Coder via OIDC, and the OpenID Identity Provider does not return a refresh token, then Coder may allow their web session to continue beyond the expiration of the token returned by the OpenID Identity Provider. Details When a user logs in via OIDC, Coder stores the OIDC...
Use of a Key Past its Expiration Date
Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token
Summary If users log in to Coder via OIDC, and the OpenID Identity Provider does not return a refresh token, then Coder may allow their web session to continue beyond the expiration of the token returned by the OpenID Identity Provider. Details When a user logs in via OIDC, Coder stores the OIDC...