Back to KEVs

CVE-2024-10081

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass...

Basic Information

CVE State
PUBLISHED
Reserved Date
October 17, 2024
Published Date
November 06, 2024
Last Updated
November 06, 2024
Vendor
Ericsson
Product
CodeChecker
Description
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Score

Score
56.05% (Percentile: 97.94%) as of 2025-06-12

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-15 00:00:00 UTC) Source

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-05-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-10081.yaml 2025-04-26 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel