107 matches found

Cvelist
added 2024/11/06 2:33 p.m. | 25 views

CVE-2024-10081

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints includ...

CVSS 10 | EPSS 0.73908
Exploits 0 | References 1

CVE
added 2024/11/06 2:33 p.m. | 91 views

CVE-2024-10081

CodeChecker (analyzer tooling for Clang) is affected by CVE-2024-10081 through version 6.24.1. The vulnerability is an authentication bypass triggered when the API URL ends with Authentication, Configuration, or ServerInfo, allowing superuser access to all API endpoints other than Authentication,...

CVSS 10 | AI score 7 | EPSS 0.73908
In wild | Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/11/06 12:0 a.m. | 2 views

CodeChecker Security Vulnerability

CodeChecker is an open source Clang Static Analyzer and Clang Tidy analysis tool, defect database and viewer extension from Ericsson. A security vulnerability exists in CodeChecker 6.24.1 and earlier versions that stems from an authentication bypass that occurs when an API URL ends in...

CVSS 10 | AI score 6.5 | EPSS 0.73908
Exploits 0 | References 2

CNNVD
added 2024/11/06 12:0 a.m. | 6 views

CodeChecker Security Vulnerability

CodeChecker is an open source Clang Static Analyzer and Clang Tidy analysis tool, defect database and viewer extension from Ericsson. A security vulnerability exists in CodeChecker 6.24.1 and earlier versions, which stems from an obfuscated authentication method that allows logging in as the...

CVSS 9 | AI score 6.7 | EPSS 0.00389
Exploits 0 | References 2

Positive Technologies
added 2024/11/06 12:0 a.m. | 2 views

PT-2024-16015

Name of the Vulnerable Software and Affected Versions CodeChecker versions through 6.24.1 Description Authentication bypass occurs when the API URL ends with Authentication, allowing superuser access to all API endpoints other than /Authentication. These endpoints include the ability to add, edit...

CVSS 10 | AI score 6.8 | EPSS 0.73908
Exploits 0 | References 15

Veracode
added 2024/06/25 5:5 a.m. | 10 views

Path Traversal

CodeChecker is vulnerable to a path traversal. The vulnerability is due to improper sanitization of ZIP files at the CodeCheckerService@massStoreRun endpoint. An attacker can exploit this by inserting arbitrary files into the internal database, which can then be displayed through the Web interface...

CVSS 6.5 | AI score 6.7 | EPSS 0.00596
Exploits 1 | References 3 | Affected Software 1

NVD
added 2024/06/24 6:15 p.m. | 21 views

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVSS 6.5 | EPSS 0.00596
Exploits 1 | References 2

OSV
added 2024/06/24 6:15 p.m. | 12 views

PYSEC-2024-54

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVSS 6.5 | AI score 6.4 | EPSS 0.00596
Exploits 1 | References 2

PyPA
added 2024/06/24 6:15 p.m. | 4 views

PYSEC-2024-54

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVSS 6.5 | AI score 6.6 | EPSS 0.00596
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2024/06/24 5:36 p.m. | 12 views

CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVSS 6.5 | AI score 6.5 | EPSS 0.00596
Exploits 1 | References 2

Cvelist
added 2024/06/24 5:36 p.m. | 15 views

CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVSS 6.5 | EPSS 0.00596
Exploits 1 | References 2

OSV
added 2024/06/24 5:36 p.m. | 15 views

CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

CVSS 6.5 | AI score 6.3 | EPSS 0.00596
Exploits 1 | References 4

CVE
added 2024/06/24 5:36 p.m. | 52 views

CVE-2023-49793

CVE-2023-49793 describes a path traversal in CodeChecker server via the massStoreRun endpoint (CodeCheckerService). ZIPs uploaded to CodeChecker store are not sanitized, allowing reading files from the server with the same permissions as the CodeChecker server. Attack requires a CodeChecker user ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00596
Exploits 1 | References 2 | Affected Software 1

OSV
added 2024/06/24 4:18 p.m. | 22 views

GHSA-H26W-R4M5-8RRF CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00596
Exploits 1 | References 5

Github Security Blog
added 2024/06/24 4:18 p.m. | 25 views

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint ...

CVSS 6.5 | AI score 6.7 | EPSS 0.00596
Exploits 1 | References 5 | Affected Software 1

CNNVD
added 2024/06/24 12:0 a.m. | 3 views

CodeChecker Path Traversal Vulnerability

CodeChecker is an analysis tool, defect database and viewer extension for Clang Static Analyzer and Clang Tidy. A security vulnerability exists in CodeChecker versions prior to 6.23, which stems from Zip files uploaded to the CodeChecker store server endpoint that are not properly cleaned...

CVSS 6.5 | AI score 6.8 | EPSS 0.00596
Exploits 1 | References 4

ATTACKERKB
added 2022/06/14 10:15 a.m. | 3 views

CVE-2022-22087

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVSS 10 | AI score 7.5 | EPSS 0.003
Exploits 0 | References 2

OSV
added 2022/01/21 11:32 p.m. | 19 views

GHSA-FXMX-PFM2-85M2 Cross-site Scripting in Ericsson CodeChecker

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

CVSS 6.1 | AI score 6 | EPSS 0.00741
Exploits 1 | References 10

Github Security Blog
added 2022/01/21 11:32 p.m. | 26 views

Cross-site Scripting in Ericsson CodeChecker

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

CVSS 6.1 | AI score 4.1 | EPSS 0.00741
Exploits 1 | References 10 | Affected Software 1

NVD
added 2022/01/18 3:15 p.m. | 13 views

CVE-2021-44217

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

CVSS 6.1 | EPSS 0.00741
Exploits 1 | References 5