CVE-2024-10082

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Nov 6, 2024
CWE ID 305
CWE ID 842
CWE ID 330

Summary

CVE-2024-10082 is a vulnerability affecting the CodeChecker tool, which is used for analyzing code with Clang Static Analyzer and Clang Tidy. The weakness lies in the authentication method, where an attacker can create an account on an external authentication service and subsequently log in as the built-in root user. This root user, which is generated in a weak manner and cannot be disabled, has universal access and control via the web interface. To exploit this vulnerability, the attacker must acquire the username of the root user. CodeChecker versions up to and including 6.24.1 are impacted by this issue.
