CVE-2024-10081
CVSS 3.1 Score 10.0 of 10 (high)
Details
Published Nov 6, 2024
CWE ID 420
CWE ID 288
Summary
CVE-2024-10081 is a vulnerability affecting the CodeChecker tool, an analyzer and viewer extension for Clang Static Analyzer and Clang Tidy. The issue stems from an authentication bypass in the API, where endpoints, excluding the Authentication one, are accessible without proper authentication. Consequently, attackers can manipulate products by adding, editing, and removing them, posing a significant security risk. This vulnerability impacts CodeChecker versions up to and including 6.24.1.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Telefonaktiebolaget LM Ericsson