GHSA-F3F8-VX3W-HP5Q

Vulnerability from github – Published: 2024-11-06 15:57 – Updated: 2025-11-15 03:17
VLAI?
Summary
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Details

Summary

Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.

Details

All endpoints, apart from the /Authentication is affected by the vulnerability.

The vulnerability allows unauthenticated users to access all API functionality. You can look for the following pattern in the logs to check if the vulnerabilty was exploited: image

Note that the url starts with v and contains a valid CodeChecker endpoint, but it ends in Authentication, Configuration or ServerInfo and it was made by an Anonymous user.

Impact

This authentication bypass allows querying, adding, changing, and deleting Products contained on the CodeChecker server, without authentication, by an anonymous user.

Severity ?
10.0 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
9.9 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "codechecker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.24.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-10081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-06T15:57:08Z",
    "nvd_published_at": "2024-11-06T15:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nAuthentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.\n\n### Details\nAll endpoints, apart from the /Authentication is affected by the vulnerability.\n\nThe vulnerability allows unauthenticated users to access all API functionality.\nYou can look for the following pattern in the logs to check if the vulnerabilty was exploited:\n![image](https://github.com/user-attachments/assets/6ba02231-a3d8-4832-aee6-f96462b7441e)\n\nNote that the url starts with v and contains a valid CodeChecker endpoint, but it ends in `Authentication`, `Configuration` or `ServerInfo` and it was made by an `Anonymous` user.\n\n### Impact\nThis authentication bypass allows querying, adding, changing, and deleting Products contained on the CodeChecker server, without authentication, by an anonymous user.",
  "id": "GHSA-f3f8-vx3w-hp5q",
  "modified": "2025-11-15T03:17:05Z",
  "published": "2024-11-06T15:57:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10081"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ericsson/codechecker/commit/ad41702e3108e4b92ae5d0143a5b961cc34195eb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Ericsson/codechecker"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-238.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "codechecker vulnerable to authentication bypass when using specifically crafted URLs"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.