8 matches found
CVE-2024-10081
CodeChecker (analyzer tooling for Clang) is affected by CVE-2024-10081 through version 6.24.1. The vulnerability is an authentication bypass triggered when the API URL ends with Authentication, Configuration, or ServerInfo, allowing superuser access to all API endpoints other than Authentication,...
CVE-2024-53829
CodeChecker exposes a Cross-Site Request Forgery (CSRF) vulnerability in its API affecting CodeChecker up to version 6.24.4. An unauthenticated attacker can leverage a forged request to perform actions with the victim’s session, including adding, removing, or editing products, provided they know ...
CVE-2021-44217
Ericsson CodeChecker up to version 6.18.0 contains a stored XSS in the comments component of the reports viewer, exploitable via POST JSON data to the /CodeCheckerService API. This allows remote attackers to inject arbitrary web script or HTML. Related advisories indicate a fix was issued in or a...
CVE-2025-1300
CVE-2025-1300: Open redirect in CodeChecker web server. The issue is in the CodeChecker web server where insufficient protection against multiple slashes after the product name in the URL allows an open redirect, bypassing protections related to CVE-2021-28861. Affected software is CodeChecker ...
CVE-2023-49793
CVE-2023-49793 describes a path traversal in CodeChecker server via the massStoreRun endpoint (CodeCheckerService). ZIPs uploaded to CodeChecker store are not sanitized, allowing reading files from the server with the same permissions as the CodeChecker server. Attack requires a CodeChecker user ...
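The bug class behind CVE-2023-49793 (archive member names trusted as written) is caught by resolving every member's destination path before anything is written to disk. The check below is an added example, not CodeChecker's own code: `classify_members` and `run_demo` are hypothetical helpers, the extraction directory `/tmp/codechecker_store` is an assumption, and the archive (one ordinary report, one `..` traversal, one absolute path, one symlink entry) is constructed inline so the example runs offline.

```python
"""Zip-slip guard: reject archive members that would resolve outside the extraction root.

Added illustration of the check missing in the CVE-2023-49793 bug class; not CodeChecker's code.
The archive and the extraction directory below are constructed for the demo.
"""
import io
import os
import zipfile


def _is_within(base: str, target: str) -> bool:
    """True if `target` resolves to `base` itself or to something underneath it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return target == base or target.startswith(base + os.sep)


def classify_members(zf: zipfile.ZipFile, dest: str) -> dict:
    """Split archive members into 'safe' names and ('name', reason) rejections.

    Rejected: symlink entries (Unix mode bits in external_attr), absolute names or
    drive-letter names, and names that escape `dest` once '..' segments are resolved.
    """
    safe, rejected = [], []
    for info in zf.infolist():
        name = info.filename
        mode = info.external_attr >> 16
        if (mode & 0o170000) == 0o120000:
            rejected.append((name, "symlink"))
            continue
        if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
            rejected.append((name, "absolute"))
            continue
        if not _is_within(dest, os.path.join(dest, name)):
            rejected.append((name, "traversal"))
            continue
        safe.append(name)
    return {"safe": safe, "rejected": rejected}


def build_sample_archive() -> bytes:
    """Constructed sample archive: one normal member and three hostile ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/report.plist", "<plist/>")
        zf.writestr("../../etc/cron.d/evil", "* * * * * root id")
        zf.writestr("/etc/shadow", "x")
        link = zipfile.ZipInfo("reports/link")
        link.external_attr = 0o120777 << 16  # mark the entry as a symlink
        zf.writestr(link, "/etc")
    return buf.getvalue()


def run_demo(dest: str = "/tmp/codechecker_store") -> dict:
    """Classify the sample archive against an (assumed) extraction directory."""
    with zipfile.ZipFile(io.BytesIO(build_sample_archive())) as zf:
        return classify_members(zf, dest)


if __name__ == "__main__":
    for kind, names in run_demo().items():
        print(kind, names)
```

The decision is made on the resolved path, not on the presence of `..` in the name, so names like `a/../../x` and `x/./../../y` are handled the same way; the symlink test only works when the archive producer stored Unix mode bits, which is why a separate check on the written path is still needed.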
CVE-2024-10082
Summary (CVE-2024-10082) CodeChecker (Clang Static Analyzer/Tidy tooling) up to version 6.24.1 contains an authentication flaw: an auto-generated built-in root user with superuser permissions that cannot be disabled. An attacker who can create an account on an enabled external authentication serv...
CVE-2026-25660
CVE-2026-25660 affects CodeChecker (analyzer tooling, defect DB, and viewer extension for Clang Static Analyzer and Clang-Tidy) up to version 6.27.3. The issue is an authentication bypass triggered when the URL ends with certain function calls, allowing assignment of arbitrary permissions to any ...
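Three of the entries above point at decisions made on the raw request path: a suffix test used to decide that a call needs no session (CVE-2024-10081, CVE-2026-25660) and a redirect built from the unnormalized tail after the product name (CVE-2025-1300). The code below is an added example contrasting the weak pattern with path normalization plus exact matching; it is not CodeChecker's code, and the route shape `/<version>/<service>`, the product-prefix redirect, the product name `demo` and every path used are assumptions constructed for the demo.

```python
"""Weak vs. normalized path handling for two bug classes in the CodeChecker advisories above.

Added illustration, not CodeChecker's code. The route shape /<version>/<service>, the
product-prefix redirect and all sample paths are assumptions made for this demo.
"""
import posixpath
from urllib.parse import urlsplit

# Services assumed to be reachable without a session, following the advisory wording.
PUBLIC_SERVICES = {"Authentication", "Configuration", "ServerInfo"}


def weak_is_public(raw_path: str) -> bool:
    """Weak pattern: a suffix test on the raw path.

    Whatever the dispatcher later does with the request, any path the client can make
    end in a public service name is treated as unauthenticated.
    """
    return raw_path.endswith(tuple(PUBLIC_SERVICES))


def normalize_path(raw_path: str) -> str:
    """Collapse repeated slashes and resolve '.' / '..' before any security decision.

    posixpath.normpath preserves a leading '//' (POSIX allows it to be special), so the
    leading run of slashes is collapsed by hand first.
    """
    return posixpath.normpath("/" + raw_path.lstrip("/"))


def classify_route(raw_path: str) -> str:
    """Stronger pattern: exact match on the normalized path's segments.

    'public' only for exactly /<version>/<service> with a public service name; any other
    shape, including extra or dot segments, requires authentication.
    """
    segments = [s for s in normalize_path(raw_path).split("/") if s]
    if len(segments) == 2 and segments[1] in PUBLIC_SERVICES:
        return "public"
    return "auth_required"


def is_external(location: str) -> bool:
    """True if a Location value would send the browser to another origin."""
    parts = urlsplit(location)
    return bool(parts.scheme or parts.netloc)


def weak_redirect_target(product: str, raw_path: str) -> str:
    """Weak pattern: strip the product prefix and echo the remainder into Location.

    For '/<product>//evil.example' the remainder is '//evil.example', which browsers
    read as a protocol-relative URL to a different host.
    """
    return raw_path[len("/" + product):]


def safe_redirect_target(product: str, raw_path: str):
    """Check the prefix, normalize the tail, and refuse anything with a scheme or host."""
    if not raw_path.startswith("/" + product + "/"):
        return None
    tail = normalize_path(raw_path[len("/" + product):])
    if is_external(tail):
        return None
    return tail


if __name__ == "__main__":
    probe = "/v6/Products/demo/CodeCheckerService/../ServerInfo"
    print(weak_is_public(probe), classify_route(probe))
    print(weak_redirect_target("demo", "/demo//evil.example"),
          safe_redirect_target("demo", "/demo//evil.example"))
```

The two halves share one rule: normalize first, then decide on the normalized value, and never echo the raw path back to the client. `is_external` relies on `urlsplit`, which treats a leading `//` as a network-path reference exactly as browsers do.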
CVE-2025-40843
CodeChecker (analyzer tooling) up to version 6.26.1 contains a buffer overflow in the internal ldlogger library used by the CodeChecker log command. The vulnerability stems from unsafe use of strcpy() into a fixed 4096-byte stack buffer, enabling an attacker to cause a crash or potentially execut...