{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/coder--v2.33.10/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Coder \u003c v2.34.4","Coder \u003c v2.33.10","Coder \u003c v2.32.9","Coder \u003c v2.29.19"],"_cs_severities":["high"],"_cs_tags":["vulnerability","rce","file-manipulation","coder","server-side-request-forgery","ghsa"],"_cs_type":"advisory","_cs_vendors":["Coder"],"content_html":"\u003cp\u003eA critical vulnerability (tracked as GHSA-qrwj-vh9x-gw5v) has been identified in Coder, a developer workspace platform, affecting its workspace agent API's redirect handling. Specifically, the \u003ccode\u003eagentConn.apiClient()\u003c/code\u003e utilized the default redirect behavior of \u003ccode\u003ehttp.Client\u003c/code\u003e, which could be abused by an authenticated user. By controlling a modified workspace agent, an attacker can craft HTTP redirects (e.g., 307 or 308) to point the control-plane client towards a victim agent's internal tailnet IP address. This bypasses security checks and causes subsequent API requests, intended for the attacker's agent, to be sent to the victim's agent instead. This can lead to unauthorized file reading and writing as the victim workspace user. In affected versions that expose the workspace agent process API, this primitive can be chained to achieve arbitrary command execution, effectively allowing attackers to cross workspace and tenant boundaries. The vulnerability affects Coder versions prior to v2.34.4, v2.33.10, v2.32.9, and v2.29.19 (ESR).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user gains control over and modifies a Coder workspace agent within their own workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker, knowing the victim agent's UUID, deterministically calculates the victim agent's tailnet IP address.\u003c/li\u003e\n\u003cli\u003eThe attacker's modified agent returns an HTTP redirect (e.g., 307 or 308) in response to a control-plane client's API request.\u003c/li\u003e\n\u003cli\u003eThe crafted redirect's Location header specifies the derived tailnet IP of the victim agent.\u003c/li\u003e\n\u003cli\u003eDue to insecure default redirect handling, the control-plane client follows the redirect, sending its subsequent workspace agent API request to the victim agent's IP instead of the intended (attacker's) agent.\u003c/li\u003e\n\u003cli\u003eThe victim agent, processing the request as if it originated legitimately from the control plane, performs the requested action (e.g., file read or write).\u003c/li\u003e\n\u003cli\u003eIf the workspace agent process API is exposed, the attacker writes a malicious payload via the redirected file API.\u003c/li\u003e\n\u003cli\u003eThe attacker then redirects a process-start request to execute the payload, achieving remote command execution as the victim workspace user and crossing workspace/tenant boundaries.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an authenticated user to gain unauthorized access to files and potentially achieve remote code execution (RCE) on other workspace agents within the Coder environment. This means an attacker can read sensitive files, modify critical data, or execute arbitrary commands as the victim workspace user, effectively compromising other users' workspaces and potentially breaching tenant boundaries. The consequence could range from data exfiltration and sabotage to complete compromise of sensitive development environments, leading to intellectual property theft or further network penetration. The vulnerability requires an authenticated user with control over a modified agent but the impact extends beyond their initial scope.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all Coder installations immediately to a patched version: v2.34.4, v2.33.10, v2.32.9, or v2.29.19 (ESR) or later, as specified in the provided patches section.\u003c/li\u003e\n\u003cli\u003eEnsure that Coder instances are updated to address GHSA-qrwj-vh9x-gw5v to disable automatic redirect following for workspace agent API clients.\u003c/li\u003e\n\u003cli\u003eConfirm that all workspace agent API dials pin to the intended agent's deterministic tailnet address and reject requests whose URL host does not match the intended agent, as described in the fix.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T21:57:28Z","date_published":"2026-07-06T21:57:28Z","id":"https://feed.craftedsignal.io/briefs/2026-07-coder-insecure-redirect/","summary":"An authenticated user can exploit insecure redirect handling in the Coder workspace agent API to redirect API requests from their modified agent to a victim's online agent, enabling unauthorized file read/write operations and potential remote command execution across workspace and tenant boundaries.","title":"Coder Workspace Agent API Insecure Redirect Handling Allows Cross-Agent File Access and RCE","url":"https://feed.craftedsignal.io/briefs/2026-07-coder-insecure-redirect/"}],"language":"en","title":"CraftedSignal Threat Feed - Coder \u003c V2.33.10","version":"https://jsonfeed.org/version/1.1"}