Codechecker
Authentication bypass in CodeChecker allows remote unauthenticated attackers to assign arbitrary permissions to any user through specially crafted URLs. All versions through 6.27.3 are affected, exposing static analysis infrastructure to complete compromise. Rated CVSS 9.3 (Critical), with the SSVC framework confirming total technical impact and automated exploitation potential. Proof-of-concept code exists (CVSS vector E:P), though CISA KEV does not currently list active exploitation. EPSS data is unavailable, but attack prerequisites are minimal (AV:N/AC:L/PR:N), making this a high-priority remediation target for organizations using CodeChecker in their development pipelines.
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.