CNNVD-202512-336 Information

CNNVD ID

CNNVD-202512-336

Related CVE

CVE-2025-66411

• CNNVD Published: 2025-12-03

Description (Chinese)

Coder是Coder公司的一个可以在公共或私有云基础设施中设置开发环境的应用程序。 Coder 2.26.5版本、2.27.7版本和2.28.4版本之前版本存在日志信息泄露漏洞，该漏洞源于工作空间代理清单以明文记录敏感值，可能导致信息泄露。

Description (English)

Coder is an application by Coder that can set up an environment for development in a public or private cloud infrastructure. Code 2.26.5, 2.7.7 and 2.28.4 had a leak in log information, which originated from the list of workspace agents to explicitly record sensitive values and could lead to a leak of information.

Hazard Level

High

Vulnerability Type

日志信息泄露

Affected Vendor

Coder

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74 https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289 https://github.com/coder/coder/releases/tag/v2.27.7 https://github.com/coder/coder/releases/tag/v2.26.5 https://github.com/coder/coder/releases/tag/v2.28.4 https://access.redhat.com/security/cve/cve-2025-66411

Patch

https://github.com/coder/coder/releases