Security Advisory

CVE-2025-22610

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-24 16:33:17

Last updated 2025-01-24 21:30:24

Assigner GitHub_M

State PUBLISHED

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" for every custom OAuth provider. The attacker can also modify the global OAuth configuration. Version 4.0.0-beta.361 fixes the issue.

← Browse all CVEs View on cve.org ↗