CVE-2023-49793: Path Traversal in CodeChecker

CWE-22: Path Traversal | 5 documents, 4 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.8% (top 25.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 24

Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, wit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5: ericsson/codechecker < 6.23.0
NVD: ericsson/codechecker < 6.23.0
PyPI: ericsson/codechecker < 46bada41e32f3ba0f6011d5c556b579f6dddf07a+1

Patches

Vulnerability Details (4 documents)

OSV: CVE-2023-49793: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy (2024-06-24)
OSV: CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` (2024-06-24)
GHSA: CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` (2024-06-24)
CVEList: Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` (2024-06-24)
CVE-2023-49793 — Path Traversal in Ericsson Codechecker | cvebase