Advisories for Golang/Github.com/Coder/Coder package

Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity.

If users log in to Coder via OIDC, and the OpenID Identity Provider does not return a refresh token, then Coder may allow their web session to continue beyond the expiration of the token returned by the OpenID Identity Provider.

An issue on Coder's login page allows attackers to craft a Coder URL that when clicked by a logged in user could redirect them to a website the attacker controls, e.g. https://google.com.

Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as public providers like google.com). Details During OIDC registration, the user's email was improperly validated against the allowed CODER_OIDC_EMAIL_DOMAINs. This could allow a user with a …

Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as public providers like google.com). Details During OIDC registration, the user's email was improperly validated against the allowed CODER_OIDC_EMAIL_DOMAINs. This could allow a user with a …