CVE-2024-10081

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Nov 6, 2024
CWE ID 420
CWE ID 288

Summary

CVE-2024-10081 is a vulnerability affecting the CodeChecker tool, an analyzer and viewer extension for Clang Static Analyzer and Clang Tidy. The issue stems from an authentication bypass in the API, where endpoints, excluding the Authentication one, are accessible without proper authentication. Consequently, attackers can manipulate products by adding, editing, and removing them, posing a significant security risk. This vulnerability impacts CodeChecker versions up to and including 6.24.1.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share