← Back to CVE List

CVE-2023-49793

Published: 2024-06-24T18:15Z
Last Modified: 2024-11-21T08:33Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`. The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt