CVE-2025-1300
CVE-2025-1300 — Open redirect in CodeChecker web server. The issue is in the CodeChecker web server where insufficient protection against multiple slashes after the product name in the URL allows an open redirect, bypassing protections related to CVE-2021-28861. Affected software is CodeChecker ...
CVE-2025-1300 Open redirect in CodeChecker web server
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...
PT-2025-9087
Name of the Vulnerable Software and Affected Versions: CodeChecker versions through 6.24.5. Description: The CodeChecker web server contains an open redirect issue due to insufficient protection against multiple slashes in the URL after the product name. This allows bypassing existing protections,...
CodeChecker security vulnerability
CodeChecker is an open source Clang Static Analyzer and Clang Tidy analysis tool, defect database and viewer extension from Ericsson. A security vulnerability exists in CodeChecker 6.24.5 and earlier versions that stems from a lack of multiple slash protection after the product name in the URL,...
CVE-2024-10082
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...
CVE-2024-10081
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints includ...
CVE-2024-53829
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
Cross-Site Request Forgery (CSRF)
codechecker is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper authentication handling in CodeChecker, which allows an attacker to hijack the authentication of a logged-in user and perform actions with the same permissions...
Cross-site Request Forgery (CSRF)
Overview: codechecker is an analyzer tooling, defect database and viewer extension. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing security attributes from the session cookie. Remediation: Upgrade codechecker to version 6.25.0 or higher. References...
Cross-Site Request Forgery in CodeChecker API
Summary: Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions. Details: Security attributes like HttpOnly and SameSite are missing from the session cookie, allowing its use from XHR requests and...
GHSA-F8C8-4PM7-W885 Cross-Site Request Forgery in CodeChecker API
Summary: Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions. Details: Security attributes like HttpOnly and SameSite are missing from the session cookie, allowing its use from XHR requests and...
PYSEC-2025-12
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CVE-2024-53829 Cross-Site Request Forgery in CodeChecker API
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CVE-2024-53829
CodeChecker exposes a Cross-Site Request Forgery (CSRF) vulnerability in its API affecting CodeChecker up to version 6.24.4. An unauthenticated attacker can leverage a forged request to perform actions with the victim’s session, including adding, removing, or editing products, provided they know ...
PT-2025-2984
Name of the Vulnerable Software and Affected Versions: CodeChecker versions through 6.24.4. Description: Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged-in user and use the web API with the same permissions, including adding, removing, or editin...
CodeChecker cross-site request forgery vulnerability
CodeChecker is an open source Clang Static Analyzer and Clang Tidy analysis tool, defect database and viewer extension from Ericsson. A security vulnerability exists in CodeChecker versions prior to 6.24.5 that stems from the presence of a cross-site request forgery vulnerability that allows an...