How severe is CVE-2024-10081?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2024-10081?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2024-10081 - CRITICAL Severity | CVSS 10

Vulnerability Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.

Related Vulnerabilities

CVE-2024-1709

CRITICAL

CVSS:10.0(Critical)

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential informat...

CWE-2882024

CVE-2024-2013

CRITICAL

CVSS:10.0(Critical)

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-auth...

CWE-2882024

CVE-2024-2973

CRITICAL

CVSS:10.0(Critical)

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass ...

CWE-2882024

CVE-2017-5174

CRITICAL

CVSS:9.8(Critical)

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectur...

CWE-2882017

CVE-2017-9944

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticate...

CWE-2882017

CVE-2018-17918

CRITICAL

CVSS:9.8(Critical)

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.

CWE-2882018