CVE-2023-26114 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.2 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
snyk	CNA	8.2 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L/E:P
CVE	ADP	---				---
CISA-ADP	ADP	9.3 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Vendor	Product	Version
coder	code-server	𝑥 < 4.10.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1385 - Missing Origin Validation in WebSockets
The software uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.

References

https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7

https://github.com/coder/code-server/releases/tag/v4.10.1

https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148

https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7

https://github.com/coder/code-server/releases/tag/v4.10.1

https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148