CVE-2024-27918

{"id": "CVE-2024-27918", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-03-21T02:52:20.863", "references": [{"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0", "source": "security-advisories@github.com"}, {"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31", "source": "security-advisories@github.com"}, {"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb", "source": "security-advisories@github.com"}, {"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c", "source": "security-advisories@github.com"}, {"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf", "source": "security-advisories@github.com"}, {"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\n\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting."}, {"lang": "es", "value": "Coder permite a las organizaciones aprovisionar entornos de desarrollo remotos a trav\u00e9s de Terraform. Antes de las versiones 2.6.1, 2.7.3 y 2.8.4, una vulnerabilidad en la autenticaci\u00f3n OIDC de Coder pod\u00eda permitir a un atacante eludir la verificaci\u00f3n `CODER_OIDC_EMAIL_DOMAIN` y crear una cuenta con un correo electr\u00f3nico que no estaba en la lista de permitidos. Las implementaciones solo se ven afectadas si el proveedor de OIDC permite a los usuarios crear cuentas en el proveedor. Durante el registro de OIDC, el correo electr\u00f3nico del usuario se valid\u00f3 incorrectamente con los `CODER_OIDC_EMAIL_DOMAIN`s permitidos. Esto podr\u00eda permitir que un usuario con un dominio que solo coincidiera parcialmente con un dominio permitido inicie sesi\u00f3n o se registre exitosamente. Un atacante podr\u00eda registrar un nombre de dominio que explotara esta vulnerabilidad y registrarse en una instancia de Coder con un proveedor p\u00fablico de OIDC. Las instancias de Coder con OIDC habilitado y protegido por la configuraci\u00f3n `CODER_OIDC_EMAIL_DOMAIN` se ven afectadas. Las instancias de Coder que utilizan un proveedor OIDC privado no se ven afectadas, ya que los usuarios arbitrarios no pueden registrarse a trav\u00e9s de un proveedor OIDC privado sin tener primero una cuenta en el proveedor. Los proveedores p\u00fablicos de OIDC se ven afectados. La autenticaci\u00f3n de GitHub y la autenticaci\u00f3n externa no se ven afectadas. Esta vulnerabilidad se soluciona en las versiones 2.8.4, 2.7.3 y 2.6.1. Todas las versiones anteriores a estos parches se ven afectadas por la vulnerabilidad. *Se recomienda que los clientes actualicen sus implementaciones lo antes posible si utilizan autenticaci\u00f3n OIDC con la configuraci\u00f3n `CODER_OIDC_EMAIL_DOMAIN`."}], "lastModified": "2024-11-21T09:05:25.243", "sourceIdentifier": "security-advisories@github.com"}