Vulnerability DatabaseCVE-2024-10081
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-10081
November 06, 2024
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.
Affected Packages
codechecker (PYTHON):
Affected version(s) >=6.16.0a1 <6.24.2
Fix Suggestion:
Update to version 6.24.2
Related Resources (5)
https://github.com/Ericsson/codechecker/commit/ad41702e3108e4b92ae5d0143a5b961cc34195eb
https://nvd.nist.gov/vuln/detail/CVE-2024-10081
https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-238.yaml
https://github.com/Ericsson/codechecker
https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
NONE
CVSS v3
Base Score:
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Authentication Bypass Using an Alternate Path or Channel
CWE-288
Unprotected Alternate Channel
CWE-420
EPSS
Base Score:
71.77