CVE-2023-26114

Опубликовано: 23 мар. 2023

Источник: nvd

CVSS3: 8.2

CVSS3: 9.3

EPSS Низкий

Описание

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

Ссылки

https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7
Patch
https://github.com/coder/code-server/releases/tag/v4.10.1
Release Notes
https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148
Patch
https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7
Patch
https://github.com/coder/code-server/releases/tag/v4.10.1
Release Notes
https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coder:code-server:*:*:*:*:*:*:*:*

Версия до 4.10.1 (исключая)

EPSS

Процентиль: 21%

0.0007

Низкий

8.2 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-1385

CWE-346

Связанные уязвимости

GHSA-frjg-g767-7363

CVSS3: 9.3

github

почти 3 года назад

code-server vulnerable to Missing Origin Validation in WebSockets

EPSS

Процентиль: 21%

0.0007

Низкий

8.2 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-1385

CWE-346