CVE-2024-10081

CRITICAL EXPLOITED NUCLEI

CodeChecker <6.24.1 - Auth Bypass

Title source: llm

Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.

Nuclei Templates (1)

CodeChecker <= 6.24.1 - Authentication Bypass

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.favicon.hash:-1496590341

References (1)

[Vendor Advisory] https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q

Scores

CVSS v3 10.0

EPSS 0.7391

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Details

VulnCheck KEV 2024-12-10

CWE

CWE-288 CWE-420

Status published

Products (2)

ericsson/codechecker < 6.24.2

pypi/codechecker 0 - 6.24.2PyPI

Published Nov 06, 2024

Tracked Since Feb 18, 2026