Cross-Site Request Forgery Vulnerability in CodeChecker by Ericsson
CVE-2024-53829

8.2HIGH

Key Information:

Vendor: Ericsson
Status: Codechecker
Vendor: CVE Published:; 21 January 2025

What is CVE-2024-53829?

A cross-site request forgery vulnerability in CodeChecker allows unauthenticated attackers to compromise user sessions. By hijacking the authentication of a logged-in user, an attacker can interact with the CodeChecker web API, gaining the ability to modify, delete, or manage products without permission. The attacker must be aware of the product IDs to effect these changes. While direct data exfiltration is constrained due to the limitations of form-based CSRF, the potential for unauthorized actions poses a significant security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CodeChecker 0 <= 6.24.4

References

https://github.com/Ericsson/codechecker/security/advisori...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Nov 22, 2024

JSON

Ericsson