CVE-2024-10082
CVSS 3.1 Score 8.7 of 10 (high)
Details
Summary
CVE-2024-10082 is a vulnerability affecting the CodeChecker tool, which is used for analyzing code with Clang Static Analyzer and Clang Tidy. The weakness lies in the authentication method, where an attacker can create an account on an external authentication service and subsequently log in as the built-in root user. This root user, which is generated in a weak manner and cannot be disabled, has universal access and control via the web interface. To exploit this vulnerability, the attacker must acquire the username of the root user. CodeChecker versions up to and including 6.24.1 are impacted by this issue.
Affected Vendors
- Telefonaktiebolaget LM Ericsson