{"url":"http://public2.vulnerablecode.io/api/packages/114609?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.31.12","type":"golang","namespace":"github.com/coder/coder","name":"v2","version":"2.31.12","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.32.2","latest_non_vulnerable_version":"2.33.3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94285?format=json","vulnerability_id":"VCID-41js-6zwv-93be","summary":"Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft\n## Summary\n\n`azureidentity.Validate()` verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. `{\"vmId\":\"<target>\"}` and the forged `vmId` will be accepted returning the victim workspace agent's session token.\n\n**No authentication is required.** The attacker only needs to know a target VM's `vmId` which is a `UUIDv4`.\n> that's a practical limitation which would typically require prior access to be exploited\n\n## Root Cause\n\nIn unpatched Coder releases the signature over the PKCS#7 content is not validated - only the signing certificate is checked.\n\n## Impact\n\nAn attacker on any Azure VM or with access to a publicly available Azure IMDS certificate from CT logs can:\n\n1. **Steal an agent session token** by sending a forged PKCS#7 envelope to `POST /api/v2/workspaceagents/azure-instance-identity` which is unauthenticated.\n2. 
**With the stolen token** access:\n   - **Git SSH private key** via `GET /workspaceagents/me/gitsshkey`: push to repositories and impersonate the workspace owner.\n   - **OAuth access tokens** via `GET /workspaceagents/me/external-auth`: GitHub, GitLab, and Bitbucket tokens in plaintext.\n   - **Workspace secrets** via the agent manifest: environment variables, file paths, and API keys.\n\n## Attack Path Diagram\n\n<img width=\"5588\" height=\"4176\" alt=\"PKCS7_diagram (1)\" src=\"https://github.com/user-attachments/assets/74e88a89-a995-450d-87ab-6feed03579a5\" />\n\n## Affected Versions\n\nAll versions of Coder v2 are affected.\n\n## Patches\n\nFixed in [#25286 ](https://github.com/coder/coder/pull/25286)\n\nThe fix was backported to all supported release lines:\n\n| Patched Versions |\n| --- |\n| [**v2.33.3**](https://github.com/coder/coder/releases/tag/v2.33.3) |\n| [**v2.32.2**](https://github.com/coder/coder/releases/tag/v2.32.2) |\n| [**v2.31.12**](https://github.com/coder/coder/releases/tag/v2.31.12) |\n| [**v2.30.8**](https://github.com/coder/coder/releases/tag/v2.30.8) |\n| [**v2.29.13**](https://github.com/coder/coder/releases/tag/v2.29.13) |\n| [**v2.24.5**](https://github.com/coder/coder/releases/tag/v2.24.5) |\n\n## Workarounds\n\nIf unable to patch we recommend immediately reconfiguring any Azure templates to use token authentication rather than `azure-instance-identity` until the patch is released and you are fully upgraded.\n\n1. Modify the [`coder_agent.auth`](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#auth-1) value to be `token`.\n2. 
Add `CODER_AGENT_TOKEN=${coder_agent.main.token}` to the set of environment variables for the Coder Workspace Agent initialization script.\n\n## Recognition\n\nWe'd like to thank [Ben Tran](https://github.com/bencalif) of [calif.io](http://calif.io) and Anthropic’s Security Team (`ANT-2026-22445`) for independently disclosing this issue!","references":[{"reference_url":"https://github.com/coder/coder","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder"},{"reference_url":"https://github.com/coder/coder/pull/25286","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/pull/25286"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.24.5","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.24.5"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.29.13","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.29.13"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.30.8","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},
{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.30.8"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.31.12","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.31.12"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.32.2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.32.2"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.33.3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.33.3"},{"reference_url":"https://github.com/coder/coder/security/advisories/GHSA-6x44-w3xg-hqqf","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/security/advisories/GHSA-6x44-w3xg-hqqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114612?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.24.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.24.5"},{"url":"http://public2.vulnerablecode.i
o/api/packages/114611?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.29.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.29.13"},{"url":"http://public2.vulnerablecode.io/api/packages/114610?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.30.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.30.8"},{"url":"http://public2.vulnerablecode.io/api/packages/114609?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.31.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.31.12"},{"url":"http://public2.vulnerablecode.io/api/packages/114608?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.32.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/114607?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.33.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.33.3"}],"aliases":["CVE-2026-46354","GHSA-6x44-w3xg-hqqf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41js-6zwv-93be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92071?format=json","vulnerability_id":"VCID-6218-cd5b-skby","summary":"Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint\n## Summary\n\nUnauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint (`POST /api/v2/workspaceagents/azure-instance-identity`). 
An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a crafted PKCS#7 signature. The server does not return the target's response body, but error messages in the API response reveal whether the target is reachable and what type of failure occurred.\n\n## Details\n\nThe `POST /api/v2/workspaceagents/azure-instance-identity` endpoint accepts a PKCS#7 signature without authentication. During certificate chain verification, [`azureidentity.Validate()`](https://github.com/coder/coder/blob/aa0e288b88/coderd/azureidentity/azureidentity.go#L83-L88) iterates over the signer certificate's `IssuingCertificateURL` extension and fetches each URL using `http.DefaultClient` with no host restriction, no private-IP blocking, and no response-size limit.\n\nAn attacker crafts a self-signed certificate whose Common Name matches `*.metadata.azure.com` (passing the `allowedSigners` regex) and whose `IssuingCertificateURL` points to an attacker-chosen target. The server fetches that URL and feeds the response body into `x509.ParseCertificate`. The parsed result is discarded, but the wrapped error string is returned verbatim in the JSON response via `Detail: err.Error()`. Connection-level errors (\"connection refused\", \"i/o timeout\", DNS failures) and certificate-parse errors give the attacker enough signal to infer host reachability and port state without seeing the actual response content.\n\n**Root causes:**\n\n1. No allowlist on `IssuingCertificateURL` hosts. Any URL was accepted.\n2. `http.DefaultClient` was used. It follows redirects and connects to private, link-local, and loopback addresses.\n3. Unbounded `io.ReadAll` on the response body (memory exhaustion vector).\n4. 
Raw `err.Error()` was returned in the JSON response, leaking internal HTTP client errors to the caller.\n\n## Impact\n\nThis is a semi-blind SSRF: the server makes the outbound request but the HTTP response body is consumed by `x509.ParseCertificate` and never returned to the attacker.\n\n- **Internal network reconnaissance.** The attacker can map internal hosts and ports by observing error differentiation in the API response: \"connection refused\" (port closed), \"i/o timeout\" (host unreachable or firewalled), DNS failure (host does not exist), or certificate-parse error (port open and responding). This enables systematic scanning of the internal network from the Coder server's vantage point.\n- **Requests to sensitive endpoints.** The server can be directed to hit cloud metadata services (e.g. `http://169.254.169.254/`), internal admin interfaces, or other services. The attacker cannot read the response content, but the request itself may have side effects depending on the target.\n- **Error-based information disclosure.** Wrapped Go HTTP client errors in the `Detail` field expose internal hostnames, IP addresses, port numbers, and network topology details.\n- **Memory exhaustion.** The unbounded `io.ReadAll` on the response body allows an attacker to point `IssuingCertificateURL` at a large resource, forcing the server to buffer it entirely in memory.\n\n## Patches\n\nFixed in [#25274](https://github.com/coder/coder/pull/25274) (commit [`57b11d405`](https://github.com/coder/coder/commit/57b11d405f17492aa789d4b9ff33366f961a37f8)):\n\nThe fix was backported to all supported release lines:\n\n| Release line | Patched version |\n|---|---|\n| 2.33 | [v2.33.3](https://github.com/coder/coder/releases/tag/v2.33.3) |\n| 2.32 | [v2.32.2](https://github.com/coder/coder/releases/tag/v2.32.2) |\n| 2.31 | [v2.31.12](https://github.com/coder/coder/releases/tag/v2.31.12) |\n| 2.30 | [v2.30.8](https://github.com/coder/coder/releases/tag/v2.30.8) |\n| 2.29 | 
[v2.29.13](https://github.com/coder/coder/releases/tag/v2.29.13) |\n| 2.24 (ESR) | [v2.24.5](https://github.com/coder/coder/releases/tag/v2.24.5) |\n\n## Workarounds\n\nIf the Azure identity-auth mechanism is not being used then restrict access to the corresponding endpoint (`/api/v2/workspaceagents/azure-instance-identity`) using ingress firewall and/or proxy ACLs.\n\n### Recognition\n\nWe'd like to thank [Ben Tran](https://github.com/bencalif) of [calif.io](http://calif.io/) and Anthropic's Security Team (`ANT-2026-22447`) for independently disclosing this issue!","references":[{"reference_url":"https://github.com/coder/coder","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder"},{"reference_url":"https://github.com/coder/coder/commit/57b11d405f17492aa789d4b9ff33366f961a37f8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/commit/57b11d405f17492aa789d4b9ff33366f961a37f8"},{"reference_url":"https://github.com/coder/coder/pull/25274","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/pull/25274"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.24.5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":
"https://github.com/coder/coder/releases/tag/v2.24.5"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.29.13","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.29.13"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.30.8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.30.8"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.31.12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.31.12"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.32.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.32.2"},{"reference_url":"https://github.com/coder/coder/releases/tag/v2.33.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/releases/tag/v2.33.3"},{"reference_url":"https://github.com/coder/coder/security/advisories/GHSA-686c-7vgv-v3fx","refer
ence_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coder/coder/security/advisories/GHSA-686c-7vgv-v3fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114612?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.24.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.24.5"},{"url":"http://public2.vulnerablecode.io/api/packages/114611?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.29.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.29.13"},{"url":"http://public2.vulnerablecode.io/api/packages/114610?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.30.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.30.8"},{"url":"http://public2.vulnerablecode.io/api/packages/114609?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.31.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.31.12"},{"url":"http://public2.vulnerablecode.io/api/packages/114608?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.32.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/114607?format=json","purl":"pkg:golang/github.com/coder/coder/v2@2.33.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packa
ges/pkg:golang/github.com/coder/coder/v2@2.33.3"}],"aliases":["CVE-2026-45796","GHSA-686c-7vgv-v3fx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6218-cd5b-skby"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/coder/coder/v2@2.31.12"}
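The first advisory above (VCID-41js-6zwv-93be) turns on the difference between "the signer certificate chains to a trusted CA" and "the signature over the content verifies". The Go program below is an added example written for this page, not Coder's code and not the patch in #25286: it uses a deliberately simplified envelope (certificate, content, signature) in place of PKCS#7 SignedData, builds a throwaway root CA and signer in memory, and runs a genuine envelope and a forged one (the same legitimate certificate, attacker-chosen vmId, garbage signature) through a chain-only validator and a validator that also checks the signature. All certificate names, keys and vmId values are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Envelope is a deliberately simplified stand-in for PKCS#7 SignedData, built for
// this example only (not the format Coder parses): signer cert, content, signature.
type Envelope struct {
	SignerCert []byte // DER-encoded X.509 certificate
	Content    []byte // e.g. {"vmId":"..."}; the caller would parse vmId from it
	Signature  []byte // ASN.1 ECDSA signature over SHA-256(Content)
}

// checkSigner parses the embedded certificate and verifies that it chains to
// a trusted root. This is the check the advisory says was present.
func checkSigner(env Envelope, roots *x509.CertPool) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(env.SignerCert)
	if err != nil {
		return nil, err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return nil, err
	}
	return cert, nil
}

// VulnerableValidate returns Content as soon as the signer chains to a trusted
// root: nothing binds Content to the certificate, so a copy of any legitimate
// certificate is enough to get attacker-chosen content accepted.
func VulnerableValidate(env Envelope, roots *x509.CertPool) (string, error) {
	if _, err := checkSigner(env, roots); err != nil {
		return "", err
	}
	return string(env.Content), nil
}

// FixedValidate additionally verifies Signature with the signer's public key,
// which is the step that actually binds Content to the certificate.
func FixedValidate(env Envelope, roots *x509.CertPool) (string, error) {
	cert, err := checkSigner(env, roots)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("unsupported signer key type")
	}
	digest := sha256.Sum256(env.Content)
	if !ecdsa.VerifyASN1(pub, digest[:], env.Signature) {
		return "", errors.New("signature does not verify over content")
	}
	return string(env.Content), nil
}

// issue builds a minimal certificate for pub, signed by signerKey (self-signed
// when parent is nil). Throwaway in-memory PKI for the example.
func issue(serial int64, cn string, ca bool, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) []byte {
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: ca, BasicConstraintsValid: ca}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		panic(err)
	}
	return der
}

// BuildScenario creates a root CA and a signer, a genuine envelope, and a forged
// envelope that reuses the legitimate signer certificate verbatim with
// attacker-chosen content and a garbage signature. Every value is constructed.
func BuildScenario() (roots *x509.CertPool, genuine, forged Envelope) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	signerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rootCert, _ := x509.ParseCertificate(issue(1, "Example Root CA", true, nil, &rootKey.PublicKey, rootKey))
	signerDER := issue(2, "signer.metadata.example.test", false, rootCert, &signerKey.PublicKey, rootKey)
	roots = x509.NewCertPool()
	roots.AddCert(rootCert)
	content := []byte(`{"vmId":"11111111-1111-4111-8111-111111111111"}`)
	digest := sha256.Sum256(content)
	sig, _ := ecdsa.SignASN1(rand.Reader, signerKey, digest[:])
	genuine = Envelope{SignerCert: signerDER, Content: content, Signature: sig}
	forged = Envelope{SignerCert: signerDER, // the legitimate certificate, copied as-is
		Content: []byte(`{"vmId":"22222222-2222-4222-8222-222222222222"}`), Signature: []byte("not a signature")}
	return roots, genuine, forged
}
```

Running the two validators over the scenario shows the chain-only validator accepting both envelopes while the fixed one rejects the forgery. The same separation applies with a real PKCS#7 library: a signer certificate that passes X.509 chain verification says nothing about the content until the library's signature-verification call has been made over the signed data, and a reviewer auditing an instance-identity handler should look for that call explicitly rather than inferring it from the presence of a chain check.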
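The second advisory (VCID-6218-cd5b-skby) lists four root causes for the AIA fetch: no allowlist on IssuingCertificateURL hosts, http.DefaultClient, unbounded io.ReadAll, and raw err.Error() in the JSON response. The Go code below is an added example, not the patched Coder code from #25274, showing one guard for each: a constructed host allowlist (issuer.example.test and .pki.example.test are placeholders), a dialer Control hook that refuses non-public addresses after DNS resolution, a client that does not follow redirects, a 64 KiB read cap, and a single generic error for callers with the detail kept in server logs.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"log"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
	"time"
)

// Constructed allowlist for this example (exact hosts, or "."-prefixed suffixes);
// a real deployment lists the hosts that serve the trusted CA's AIA URLs.
var allowedIssuerHosts = []string{"issuer.example.test", ".pki.example.test"}
const maxIssuerCertBytes = 64 * 1024 // a DER certificate is a few KB at most

// ErrIssuerFetch is the only error that reaches the API caller; transport detail
// is logged server-side so reachability cannot be inferred from err.Error().
var ErrIssuerFetch = errors.New("failed to fetch issuing certificate")

func hostAllowed(host string) bool {
	host = strings.ToLower(host)
	for _, a := range allowedIssuerHosts {
		if host == a || (strings.HasPrefix(a, ".") && strings.HasSuffix(host, a)) {
			return true
		}
	}
	return false
}

// CheckIssuerURL rejects anything but an http(s) URL on an allowlisted host.
func CheckIssuerURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if (u.Scheme != "http" && u.Scheme != "https") || !hostAllowed(u.Hostname()) {
		return fmt.Errorf("issuer URL %q not allowed", raw)
	}
	return nil
}

// IsPublicIP is true only for globally routable unicast addresses: loopback,
// RFC 1918, link-local (169.254.169.254 included), ULA and 0.0.0.0 all fail.
// Shared address space (100.64.0.0/10) is not covered and needs an explicit check.
func IsPublicIP(ip net.IP) bool {
	return ip != nil && ip.IsGlobalUnicast() && !ip.IsPrivate()
}

// RefuseNonPublic is a net.Dialer Control hook: it runs after DNS resolution and
// before connect, so a name that resolves to an internal address is refused too.
func RefuseNonPublic(_, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if !IsPublicIP(net.ParseIP(host)) {
		return fmt.Errorf("refusing connection to non-public address %s", host)
	}
	return nil
}

// NewIssuerClient never follows redirects (a 302 to 127.0.0.1 would otherwise
// bypass CheckIssuerURL), ignores proxy env vars, and dials through RefuseNonPublic.
func NewIssuerClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: RefuseNonPublic}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}, // Proxy left nil
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

// FetchIssuer is the hardened fetch: allowlisted URL, restricted client, bounded
// read, generic error. The unpatched pattern is DefaultClient.Get + ReadAll + err.Error().
func FetchIssuer(c *http.Client, rawURL string) (*x509.Certificate, error) {
	if err := CheckIssuerURL(rawURL); err != nil {
		log.Printf("issuer fetch: %v", err)
		return nil, ErrIssuerFetch
	}
	resp, err := c.Get(rawURL)
	if err != nil {
		log.Printf("issuer fetch failed: %v", err) // detail stays in server logs
		return nil, ErrIssuerFetch
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxIssuerCertBytes+1))
	cert, perr := x509.ParseCertificate(body)
	if err != nil || perr != nil || resp.StatusCode != http.StatusOK || len(body) > maxIssuerCertBytes {
		log.Printf("issuer fetch rejected: status=%d bytes=%d read=%v parse=%v", resp.StatusCode, len(body), err, perr)
		return nil, ErrIssuerFetch
	}
	return cert, nil
}
```

CheckIssuerURL alone is not enough: an allowlisted hostname can resolve to an internal address, and a redirect can point anywhere, so the dial-time check and ErrUseLastResponse are what close those two paths. Collapsing closed-port, timeout, DNS and parse failures into the one ErrIssuerFetch value is what removes the reachability oracle the advisory describes; response timing remains a weaker side channel that this example does not address.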