Lucene search
K

9 matches found

CVE
CVE
added 4 days ago14 views

CVE-2026-55431

Coder prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 is vulnerable to session-token leakage via coder open app for external workspace apps. The CLI opens external workspace-app URLs without validating scheme/host, and if a URL contains the placeholder $SESSION_TOKEN, the token is substitute...

7.7CVSS6AI score0.00336EPSS
Exploits0References6Affected Software1
CVE
CVE
added 4 days ago19 views

CVE-2026-55429

Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...

8.7CVSS6AI score0.00508EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42135

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References6
OSV
OSV
added 5 days ago8 views

GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder

Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...

7.7CVSS6AI score0.00336EPSS
Exploits0References2
Veracode
Veracode
added 5 days ago4 views

Improper Authorization

The CreateSubAgent RPC is vulnerable to improper authorization. The vulnerability is due to the failure to validate the requested app sharing level against the template's maximum allowed sharing level before persisting workspace apps, which allows a workspace owner to exceed the...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 6 days ago8 views

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...

8.7CVSS5.9AI score0.00508EPSS
Exploits0References3Affected Software1
Citrix
Citrix
added 2024/10/21 12:0 a.m.7 views

If Workspace Apps is deployed by StoreFront, platformRateLimitPktDrop can be recorded in ns.log.

"platformRateLimitPktDrop" is recorded when the licensed bandwidth is exceeded. Recent Citrix Workspace Apps size is larger than before. If you set "Local files on the storeFront server on Citrix StoreFront", licensed bandwidth can be exceeded...

7.1AI score
Exploits0
hivepro
hivepro
added 2023/02/16 11:40 a.m.19 views

Citrix Resolves Vulnerabilities in Virtual Apps and Workspace Apps

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix Systems has addressed vulnerabilities in its Virtual Apps and Desktops, as well as Workspace Apps products, that could potentially enable attackers with local access to the target to elevat...

3.9AI score
Exploits0
CISA
CISA
added 2023/02/14 12:0 a.m.177 views

Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops

Citrix has released security updates to address high-severity vulnerabilities CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483 in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA...

1.8AI score0.00265EPSS
Exploits1References3
Rows per page
Query Builder