Overview
- Description
- CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang Tidy. An authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints apart from /Authentication are affected by the vulnerability. This issue affects CodeChecker through 6.24.1.
- Source
- 85b1779b-6ecd-4f52-bcc5-73eac4659dcf
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 5.8
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
- Severity
- CRITICAL
Weaknesses
- 85b1779b-6ecd-4f52-bcc5-73eac4659dcf
- CWE-288
Social media
- Hype score
- Not currently trending
[CVE-2024-10081: CRITICAL] CodeChecker has an authentication bypass vulnerability allowing superuser access to all API endpoints except Authentication. The flaw affects versions up to 6.24.1. #cybersecurity, #vulnerability https://t.co/gfwzSb1iIb https://t.co/FlTa11oZJo
@CveFindCom
6 Nov 2024
CVE-2024-10081 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL … https://t.co/qyTbdXdVvh
@CVEnew
6 Nov 2024