Cross-Site Request Forgery Vulnerability in CodeChecker by Ericsson
CVE-2024-53829

8.2HIGH

Key Information:

Vendor: Ericsson
Status: Codechecker
Vendor: CVE Published:; 21 January 2025

What is CVE-2024-53829?

A cross-site request forgery vulnerability in CodeChecker allows unauthenticated attackers to compromise user sessions. By hijacking the authentication of a logged-in user, an attacker can interact with the CodeChecker web API, gaining the ability to modify, delete, or manage products without permission. The attacker must be aware of the product IDs to effect these changes. While direct data exfiltration is constrained due to the limitations of form-based CSRF, the potential for unauthorized actions poses a significant security risk.

Affected Version(s)

CodeChecker 0 <= 6.24.4

References

https://github.com/Ericsson/codechecker/security/advisori...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Nov 22, 2024