10
CVE-2024-10081
- EPSS 40.06%
- Veröffentlicht 06.11.2024 15:15:11
- Zuletzt bearbeitet 14.11.2025 16:36:09
- Quelle 85b1779b-6ecd-4f52-bcc5-73eac4
- CVE-Watchlists
- Unerledigt
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ericsson ≫ Codechecker Version < 6.24.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 40.06% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| 85b1779b-6ecd-4f52-bcc5-73eac4659dcf | 10 | 3.9 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-420 Unprotected Alternate Channel
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q