CVE-2024-10081: codechecker vulnerable to authentication bypass when using specifically crafted URLs
The CodeChecker server decides which API requests may be served without a session by checking whether the request URL ends with the name of one of the unauthenticated endpoints: Authentication, Configuration or ServerInfo. Because this is a suffix test on the URL rather than a check on the endpoint the request is actually routed to, a URL that targets a different endpoint but is crafted to end with one of those three names passes the test and is served without credentials. Requests that slip through in this way are executed with superuser privileges on every API endpoint other than Authentication, including the endpoints that add, edit and remove products. Deploy the fix commit referenced below; until then, any client that can reach the server's API port has this level of access.
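The following is an added illustration of the bug class described above, not CodeChecker's own code: an allowlist of unauthenticated endpoints evaluated with a suffix match on the raw URL, beside the same check done on the routed endpoint name. The route shape, the regular expression, the trailing-segment tolerance of the router and the sample URLs are all constructed for this example and are not the crafted URLs from the report; the three endpoint names are the ones the advisory lists.

```python
"""Suffix-match auth allowlist (the pattern behind CVE-2024-10081) versus an
exact match on the routed endpoint. Constructed example, not CodeChecker code."""
import re
from typing import Callable, Optional, Tuple

# Endpoints that must be reachable without a session (names from the advisory).
PUBLIC_ENDPOINTS = frozenset({"Authentication", "Configuration", "ServerInfo"})

# Hypothetical route shape: /[<product>/]v<version>/<endpoint>[/<anything>]
# The optional trailing group is an assumption made for this illustration: a
# router that identifies the endpoint by position and tolerates extra path
# segments is one way the URL suffix and the routed endpoint can disagree.
ROUTE_RE = re.compile(
    r"^/(?:(?P<product>[^/]+)/)?v(?P<version>[0-9.]+)/(?P<endpoint>[A-Za-z]+)(?:/.*)?$"
)


def route(path: str) -> Optional[Tuple[Optional[str], str, str]]:
    """Parse a request path into (product, api_version, endpoint), or None."""
    m = ROUTE_RE.match(path)
    if m is None:
        return None
    return m.group("product"), m.group("version"), m.group("endpoint")


def vulnerable_requires_auth(path: str) -> bool:
    """Vulnerable pattern: the decision is a suffix test on the raw URL."""
    return not path.endswith(tuple(PUBLIC_ENDPOINTS))


def fixed_requires_auth(path: str) -> bool:
    """Hardened pattern: route first, then compare the routed endpoint name.
    Anything the router does not recognise is never exempt from auth."""
    routed = route(path)
    if routed is None:
        return True
    return routed[2] not in PUBLIC_ENDPOINTS


def dispatch(path: str, has_session: bool,
             requires_auth: Callable[[str], bool]) -> Tuple[int, Optional[str]]:
    """Model of the request handler: (HTTP status, endpoint that would run)."""
    if requires_auth(path) and not has_session:
        return 401, None
    routed = route(path)
    if routed is None:
        return 404, None
    return 200, routed[2]


if __name__ == "__main__":
    # Constructed sample paths for the demonstration.
    crafted = "/Default/v6.50/Products/ServerInfo"   # routes to Products, ends with ServerInfo
    for name, check in (("vulnerable", vulnerable_requires_auth),
                        ("fixed", fixed_requires_auth)):
        print(name, "unauthenticated", crafted, "->", dispatch(crafted, False, check))
```

With the suffix check, the unauthenticated crafted path is dispatched to the Products endpoint; with the routed-name check, the same request is rejected with 401 while the genuine ServerInfo path is still served without a session. The fixed variant also refuses to exempt any path the router cannot parse, so an unexpected URL shape fails closed rather than open.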
References
- github.com/Ericsson/codechecker
- github.com/Ericsson/codechecker/commit/ad41702e3108e4b92ae5d0143a5b961cc34195eb
- github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
- github.com/advisories/GHSA-f3f8-vx3w-hp5q
- github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-238.yaml
- nvd.nist.gov/vuln/detail/CVE-2024-10081