What is CVE-2024-10081?

CVE-2024-10081 is a critical-severity vulnerability in Ericsson Codechecker, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 10.0/10. Published 2024-11-06.

How severe is CVE-2024-10081?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2024-10081 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ericsson Codechecker

CVE-2024-10081

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API…

EPSS: 0.739 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Ericsson Codechecker — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q (vendor-advisory)

Frequently asked questions

What is CVE-2024-10081?: CVE-2024-10081 is a critical-severity vulnerability in Ericsson Codechecker, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 10.0/10. Published 2024-11-06.
How severe is CVE-2024-10081?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2024-10081 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.