mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
64 lines
2.6 KiB
JSON
64 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2024-10081",
|
|
"sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
|
|
"published": "2024-11-06T15:15:11.480",
|
|
"lastModified": "2024-11-06T18:17:17.287",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.\n\nThis issue affects CodeChecker: through 6.24.1."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "CodeChecker es una herramienta de an\u00e1lisis, una base de datos de defectos y una extensi\u00f3n de visualizaci\u00f3n para Clang Static Analyzer y Clang Tidy. La omisi\u00f3n de autenticaci\u00f3n se produce cuando la URL de la API termina con Autenticaci\u00f3n. Esta omisi\u00f3n permite el acceso de superusuario a todos los endpoints de la API excepto Autenticaci\u00f3n. Estos endpoints incluyen la capacidad de agregar, editar y eliminar productos, entre otras cosas. Todos los endpoints, excepto /Authentication, se ven afectados por la vulnerabilidad. Este problema afecta a CodeChecker: hasta la versi\u00f3n 6.24.1."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
|
|
"baseScore": 10.0,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.8
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-288"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-420"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q",
|
|
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"
|
|
}
|
|
]
|
|
} |