Codechecker
Approved changes feed: RSS · Atom
cpe:2.3:a:ericsson:codechecker:6.23:*:*:*:*:*:*:*
part: a version: 6.23 update: *
| Vendor | Ericsson (198bbf36-f632-548c-bd14-c61a678abe8e) |
|---|---|
| Product | Codechecker (570eb6d2-a0a6-545e-910e-8d27c243b61d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-49793 |
vulnerable | 2026-06-03 14:53:26.444666 |
Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
MEDIUM (6.5)
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.
The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.
Published: 2024-06-24T17:36:21.827Z
Updated: 2024-08-02T22:01:26.011Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.