CVE-2023-49793
Published 2024-06-24
Priority P3 (41), medium, CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.73% (49.6th percentile)
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.
The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ericsson | codechecker | < 6.23.0 | 6.23.0 |
| ericsson | codechecker | >= 0 < 46bada41e32f3ba0f6011d5c556b579f6dddf07a | 46bada41e32f3ba0f6011d5c556b579f6dddf07a |
| ericsson | codechecker | >= 0 < 6.23.0 | 6.23.0 |
OSV
CVE-2023-49793: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy
osv·2024-06-24
OSV
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
osv·2024-06-24
CVE-2023-49793 [MEDIUM] CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
## Summary
ZIP files uploaded to the server-side endpoint handling a `CodeChecker store` are not properly sanitized. An attacker can exercise a path traversal to make the `CodeChecker server` load and display files from an arbitrary location on the server machine.
## Details
### Target
The vulnerable endpoint is `//v6.53/CodeCheckerService@massStoreRun`.
### Exploit overview
The attack is made possible by improper sanitization at one point in the process.
1. When the ZIP file is uploaded by `CodeChecker store`, it is first unzipped to a temporary directory (safely).
2. When deciding which files to insert into CodeChecker's internal database, the decision is made based on the `content_has
GHSA
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
ghsa·2024-06-24
CVE-2023-49793 [MEDIUM] CWE-22 CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a
https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf
Published: 2024-06-24