Origin Validation Error
CVE-2023-26114
Summary
Versions of the package code-server prior to 4.10.1-rc.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
- LOW
- NETWORK
- HIGH
- CHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.
References
Advisory Timeline
- Published
