OpenCVE

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`. The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ericsson	Codechecker

Configuration 1 [-]

cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a
https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-24T17:36:21.827Z

Updated: 2024-08-02T22:01:26.011Z

Reserved: 2023-11-30T13:39:50.863Z

Link: CVE-2023-49793

Vulnrichment

Updated: 2024-08-02T22:01:26.011Z

NVD

Status : Modified

Published: 2024-06-24T18:15:10.437

Modified: 2024-11-21T08:33:51.237

Link: CVE-2023-49793

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49793", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-30T13:39:50.863Z", "datePublished": "2024-06-24T17:36:21.827Z", "dateUpdated": "2024-08-02T22:01:26.011Z"}, "containers": {"cna": {"title": "Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf"}, {"name": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a", "tags": ["x_refsource_MISC"], "url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a"}], "affected": [{"vendor": "Ericsson", "product": "codechecker", "versions": [{"version": "< 6.23.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-24T17:36:21.827Z"}, "descriptions": [{"lang": "en", "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.\nThe attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23."}], "source": {"advisory": "GHSA-h26w-r4m5-8rrf", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "ericsson", "product": "codechecker", "cpes": ["cpe:2.3:a:ericsson:codechecker:6.23:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "6.23", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T14:37:31.808705Z", "id": "CVE-2023-49793", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T14:42:52.007Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:26.011Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf"}, {"name": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf", "name": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a", "name": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:26.011Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49793", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-25T14:37:31.808705Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ericsson:codechecker:6.23:*:*:*:*:*:*:*"], "vendor": "ericsson", "product": "codechecker", "versions": [{"status": "affected", "version": "0", "lessThan": "6.23", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T14:39:42.542Z"}}], "cna": {"title": "Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`", "source": {"advisory": "GHSA-h26w-r4m5-8rrf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Ericsson", "product": "codechecker", "versions": [{"status": "affected", "version": "< 6.23.0"}]}], "references": [{"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf", "name": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a", "name": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.\nThe attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-24T17:36:21.827Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49793", "state": "PUBLISHED", "dateUpdated": "2024-08-02T22:01:26.011Z", "dateReserved": "2023-11-30T13:39:50.863Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-24T17:36:21.827Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*", "matchCriteriaId": "10E6338B-8ABE-4FD0-9EBE-DF267A26982B", "versionEndExcluding": "6.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.\nThe attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23."}, {"lang": "es", "value": "CodeChecker es una herramienta de an\u00e1lisis, una base de datos de defectos y una extensi\u00f3n de visor para Clang Static Analyzer y Clang Tidy. Los archivos zip cargados en el extremo del servidor de \"CodeChecker store\" no se sanitizan adecuadamente. Un atacante, utilizando un ataque de path traversal, puede cargar y mostrar archivos en la m\u00e1quina del \"servidor CodeChecker\". El endpoint vulnerable es `/Default/v6.53/CodeCheckerService@massStoreRun`. La vulnerabilidad de path traversal permite leer datos en la m\u00e1quina del \"servidor CodeChecker\", con el mismo nivel de permiso que el \"servidor CodeChecker\". El ataque requiere una cuenta de usuario en el \"servidor CodeChecker\", con permiso para almacenar en un servidor y ver el informe almacenado. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 6.23."}], "id": "CVE-2023-49793", "lastModified": "2024-11-21T08:33:51.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-24T18:15:10.437", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}