CNNVD-202509-999 Information
CNNVD ID
CNNVD-202509-999
Related CVE
- CNNVD Published: 2025-09-06
Description (Chinese)
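Coder is an application from Coder that sets up development environments in public or private cloud infrastructure. Coder 2.24.3 and earlier versions and versions 2.25.0 through 2.25.1 contain a code issue vulnerability that stems from improper session handling and can lead to session hijacking.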
Description (English)
Coder is an application from Coder that sets up development environments in public or private cloud infrastructure. Coder 2.24.3 and earlier versions and versions 2.25.0 through 2.25.1 contain a code issue vulnerability that stems from improper session handling and can lead to session hijacking.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Coder
Published
2025-09-06
Last Modified
2026-02-24
References
https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp
https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276
https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0
https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a
https://github.com/coder/coder/pull/19667
https://github.com/coder/coder/pull/19668
https://github.com/coder/coder/pull/19669
https://access.redhat.com/security/cve/cve-2025-58437
Patch
https://github.com/coder/coder/releases