CVE-2024-10081 — CRITICAL (10.0)

Q: How severe is CVE-2024-10081?

CVE-2024-10081 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-10081?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Codechecker.

Vulnerability Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ericsson	Codechecker	< 6.24.2

Related Weaknesses (CWE)

CWE-420 CWE-288

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5qVendor Advisory

FAQ

What is CVE-2024-10081?

CVE-2024-10081 is a vulnerability with a CVSS score of 10.0 (CRITICAL). CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This byp...

How severe is CVE-2024-10081?

CVE-2024-10081 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-10081?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Codechecker.