Authentication Method Confusion in CodeChecker by Ericsson
CVE-2024-10082

Currently unrated

Key Information:

Vendor

Ericsson

CVE Published:
6 November 2024

What is CVE-2024-10082?

CodeChecker is exposed to unauthorized access through an authentication method confusion. The built-in root user is generated through a weak mechanism, cannot be disabled, and has universal access. An attacker who is able to create an account on an enabled external authentication service can potentially log in as the root user if they acquire the root username. This gives them control over every function accessible via the web interface, with significant security implications. The issue affects CodeChecker versions up to and including 6.24.1.
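The confusion described above can be modelled in a few lines. This is an added illustration, not CodeChecker's code: the backend names, usernames, passwords and function names are all constructed, and the model only assumes that privilege is decided from the username without regard to which backend verified it.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

ROOT_NAME = "builtin-root"  # constructed name standing in for the built-in superuser

# Constructed credential stores: the built-in one and an external service
# where anyone can register an account under a name of their choosing.
BACKENDS = {
    "builtin": {ROOT_NAME: "generated-secret"},
    "external": {"alice": "alice-pw", ROOT_NAME: "chosen-by-registrant"},
}

@dataclass(frozen=True)
class Session:
    username: str
    method: str  # backend that actually verified the password

def login(username: str, password: str) -> Optional[Session]:
    """Try each enabled backend and record which one accepted the credentials."""
    for method, users in BACKENDS.items():
        stored = users.get(username)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return Session(username, method)
    return None

def is_root_confused(s: Session) -> bool:
    """Flawed pattern: the privilege decision looks at the name only."""
    return s.username == ROOT_NAME

def is_root_bound(s: Session) -> bool:
    """Hardened pattern: the name counts only if the built-in backend verified it."""
    return s.method == "builtin" and s.username == ROOT_NAME

def audit(sessions):
    """Detection: root-named sessions that a non-built-in backend verified."""
    return [s for s in sessions if s.username == ROOT_NAME and s.method != "builtin"]
```

Binding identity to the (backend, username) pair is the general fix for this class of bug, and the `audit` check shows what to look for in session or login records on an unpatched deployment.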

Timeline

  • Vulnerability published
