logo

Database

Insecure session management In github.com/coder/coder

Description

Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. OSV-GO-2025-39212. GHSA-3rw9-wmc8-89483. GCVE-GHSA-3rw9-wmc8-89484. GHSA-3rw9-wmc8-8948

References

1. https://github.com/coder/coder/commit/1a4160803589034ce1518e24a78f232c8d08f9962. https://github.com/coder/coder/security/advisories/GHSA-3rw9-wmc8-8948

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.