Authentication Bypass in CodeChecker by Ericsson
CVE-2024-10081
Currently unrated
What is CVE-2024-10081?
An authentication bypass vulnerability has been identified in CodeChecker, an analyzer tooling and viewer extension for the Clang Static Analyzer and Clang Tidy. This vulnerability allows unauthorized access to vital API endpoints, permitting users to perform actions such as adding, editing, and removing products without proper credentials. The affected endpoints enable superuser capabilities, putting system integrity at risk when the API URL ends with 'Authentication'. This issue impacts all versions through 6.24.1.