CVE-2024-27918 (GCVE-0-2024-27918)
Vulnerability from cvelistv5
Published
2024-03-06 20:25
Modified
2024-08-05 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.
Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:coder:coder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.7.3",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.8.4",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:35:12.740858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:06:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.8.0, \u003c 2.8.4"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.3"
},
{
"status": "affected",
"version": "\u003c 2.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder\u0027s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user\u0027s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\n\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T20:25:24.601Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"source": {
"advisory": "GHSA-7cc2-r658-7xpf",
"discovery": "UNKNOWN"
},
"title": "Coder\u0027s OIDC authentication allows email with partially matching domain to register"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27918",
"datePublished": "2024-03-06T20:25:24.601Z",
"dateReserved": "2024-02-28T15:14:14.213Z",
"dateUpdated": "2024-08-05T18:06:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf\", \"name\": \"https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0\", \"name\": \"https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31\", \"name\": \"https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb\", \"name\": \"https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c\", \"name\": \"https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:41:55.716Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27918\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-05T17:35:12.740858Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:coder:coder:*:*:*:*:*:*:*:*\"], \"vendor\": \"coder\", \"product\": \"coder\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:coder:coder:2.7.0:*:*:*:*:*:*:*\"], \"vendor\": \"coder\", \"product\": \"coder\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.7.0\", \"lessThan\": \"2.7.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:coder:coder:2.8.0:*:*:*:*:*:*:*\"], \"vendor\": \"coder\", \"product\": \"coder\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.8.0\", \"lessThan\": \"2.8.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-05T18:06:16.912Z\"}}], \"cna\": {\"title\": \"Coder\u0027s OIDC authentication allows email with partially matching domain to register\", \"source\": {\"advisory\": \"GHSA-7cc2-r658-7xpf\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"coder\", \"product\": \"coder\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.8.0, \u003c 2.8.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.7.0, \u003c 2.7.3\"}, {\"status\": \"affected\", \"version\": \"\u003c 2.6.1\"}]}], \"references\": [{\"url\": \"https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf\", \"name\": \"https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0\", \"name\": \"https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31\", \"name\": \"https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb\", \"name\": \"https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c\", \"name\": \"https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder\u0027s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user\u0027s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\\n\\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-06T20:25:24.601Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-27918\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-05T18:06:33.208Z\", \"dateReserved\": \"2024-02-28T15:14:14.213Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-06T20:25:24.601Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…