Incorrect Authorization

Overview codechecker is an analyzer tooling, defect database and viewer extension Affected versions of this package are vulnerable to Incorrect Authorization via the Authentication endpoint functions, including getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and...

Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

EUVD-2022-0591

Malicious code in bioql PyPI...

EUVD-2024-0028

Malicious code in bioql PyPI...

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVE-2025-1300 Open redirect in CodeChecker web server

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...

CVE-2024-10082

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...

CVE-2024-53829

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...

CVE-2024-53829

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...

CVE-2024-53829

CodeChecker exposes a Cross-Site Request Forgery (CSRF) vulnerability in its API affecting CodeChecker up to version 6.24.4. An unauthenticated attacker can leverage a forged request to perform actions with the victim’s session, including adding, removing, or editing products, provided they know ...

PYSEC-2024-238

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints includ...

CVE-2024-10081

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints includ...

PYSEC-2024-183

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...

CodeChecker 安全漏洞

CodeChecker is an open source Clang Static Analyzer and Clang Tidy analysis tool, defect database and viewer extension from Ericsson. A security vulnerability exists in CodeChecker 6.24.1 and earlier versions, which stems from an obfuscated authentication method that allows logging in as the...