CVE-2024-10081: codechecker vulnerable to authentication bypass when using specifically crafted URLs

November 6, 2024

Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.

References

github.com/Ericsson/codechecker
github.com/Ericsson/codechecker/commit/ad41702e3108e4b92ae5d0143a5b961cc34195eb
github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
github.com/advisories/GHSA-f3f8-vx3w-hp5q
nvd.nist.gov/vuln/detail/CVE-2024-10081

Detect and mitigate CVE-2024-10081 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →