{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36925?format=json","vulnerability_id":"VCID-h6wn-2dtj-q7hq","summary":"CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access. This vulnerability allows an attacker who can create an account on an enabled external authentication service to log in as the root user and to access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful.\n\nThis issue affects CodeChecker: through 6.24.1.","aliases":[{"alias":"CVE-2024-10082"},{"alias":"GHSA-fpm5-2wcj-vfr7"},{"alias":"PYSEC-2024-183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43805?format=json","purl":"pkg:pypi/codechecker@6.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41778?format=json","purl":"pkg:pypi/codechecker@6.16.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/41779?format=json","purl":"pkg:pypi/codechecker@6.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability
":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41780?format=json","purl":"pkg:pypi/codechecker@6.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41781?format=json","purl":"pkg:pypi/codechecker@6.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41782?format=json","purl":"pkg:pypi/codechecker@6.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41783?format=json","purl":"pkg:pypi/codechecker@6.18.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.2"},{"
url":"http://public2.vulnerablecode.io/api/packages/41784?format=json","purl":"pkg:pypi/codechecker@6.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.19.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41785?format=json","purl":"pkg:pypi/codechecker@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.19.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41786?format=json","purl":"pkg:pypi/codechecker@6.20.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.20.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/41787?format=json","purl":"pkg:pypi/codechecker@6.20.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.20.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41788?format=json","purl":"pkg:pypi/codechecker@6.21.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1
-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.21.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/41789?format=json","purl":"pkg:pypi/codechecker@6.21.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.21.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41790?format=json","purl":"pkg:pypi/codechecker@6.22.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/41791?format=json","purl":"pkg:pypi/codechecker@6.22.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41792?format=json","purl":"pkg:pypi/codechecker@6.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url
":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41793?format=json","purl":"pkg:pypi/codechecker@6.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/41794?format=json","purl":"pkg:pypi/codechecker@6.22.2.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.2.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/41795?format=json","purl":"pkg:pypi/codechecker@6.23.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-dxb5-cwgk-6uhg"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/41796?format=json","purl":"pkg:pypi/codechecker@6.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43802?format=json","purl":"pkg:pypi/codechecker@6.23.1","is_vulnerable":true,"affected_by
_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43803?format=json","purl":"pkg:pypi/codechecker@6.24.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43804?format=json","purl":"pkg:pypi/codechecker@6.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34z1-k1dg-uqhh"},{"vulnerability":"VCID-6urc-avwv-vbdk"},{"vulnerability":"VCID-8qpt-75sy-mbes"},{"vulnerability":"VCID-h6wn-2dtj-q7hq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.1"}],"references":[{"reference_url":"https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6wn-2dtj-q7hq"}