1. Home
  2. CVE Database
  3. CVE-2024-53829
HIGH · 8.2

CVE-2024-53829

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the auth...

Vulnerability Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to being limited to form-based CSRF. This issue affects CodeChecker: through 6.24.4.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
EricssonCodechecker< 6.24.5

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2024-53829?

CVE-2024-53829 is a vulnerability with a CVSS score of 8.2 (HIGH). CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the auth...

How severe is CVE-2024-53829?

CVE-2024-53829 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-53829?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Codechecker.