CVE-2024-53829Cross-Site Request Forgery in Codechecker

CWE-352Cross-Site Request Forgery5 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.2%
top 60.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ericsson Codechecker
Timeline
PublishedJan 21

Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker,

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.7

Affected Packages3 packages

NVDericsson/codechecker< 6.24.5
PyPIericsson/codechecker< 6.25.0+1
CVEListV5ericsson/codechecker6.24.4

🔴Vulnerability Details

4
OSV
CVE-2024-53829: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy2025-01-21
OSV
Cross-Site Request Forgery in CodeChecker API2025-01-21
CVEList
Cross-Site Request Forgery in CodeChecker API2025-01-21
GHSA
Cross-Site Request Forgery in CodeChecker API2025-01-21
CVE-2024-53829 — Cross-Site Request Forgery | cvebase