Vulnerability feed
Vulnerability

CVE-2023-49793

Reference to the description: https://nvd.nist.gov/vuln/detail/CVE-2023-49793

Description:
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`. The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.

Last updated date: 06/26/2024
Type: exploit
Confidence: HIGH
Date of publishing: 06/26/2024

Reference URL to background: https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf
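The class of bug described above is an archive whose entry names are trusted when they are written to disk. The following is an added illustration, not CodeChecker's code, of the check a server should apply to an uploaded zip before unpacking it: entry names are screened for absolute paths and `..` components, and the resolved target of every entry is confirmed to sit under the extraction root. The sample archive and its entry names are constructed for the example.

```python
import io
import os
import posixpath
import tempfile
import zipfile
from typing import Dict, List

# Constructed sample: one legitimate report file and two traversal attempts.
SAMPLE_ENTRIES: Dict[str, bytes] = {
    "reports/run1.plist": b"<plist/>",
    "../../outside.txt": b"would land two levels above the report directory",
    "/etc/hostname": b"absolute path, ignores the extraction root entirely",
}

def build_archive(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {entry_name: content}; names are written as given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def traversal_entries(archive_bytes: bytes) -> List[str]:
    """Return entry names that are absolute, carry a drive prefix, or climb via '..'."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            parts = posixpath.normpath(name).split("/")
            if name.startswith("/") or os.path.splitdrive(name)[0] or ".." in parts:
                bad.append(info.filename)
    return bad

def safe_extract(archive_bytes: bytes, dest: str) -> List[str]:
    """Extract into dest, refusing the whole archive if any entry would escape it."""
    root = os.path.realpath(dest)
    bad = traversal_entries(archive_bytes)
    if bad:
        raise ValueError(f"refusing archive with traversal entries: {bad}")
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            # Independent check on the resolved path (also covers symlinked parents).
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"resolved path escapes root: {info.filename!r}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.relpath(target, root))
    return written

def try_extract(entries: Dict[str, bytes]) -> List[str]:
    """Helper: build an archive from entries and extract it into a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_archive(entries), tmp)
```

Rejecting the whole upload on the first bad entry, rather than skipping that entry, is deliberate: a partially unpacked archive is harder to reason about, and the rejected name is worth logging as a detection signal.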
