x/vulndb: potential Go vuln in github.com/Ericsson/codechecker: CVE-2024-10081

[GoVulnBot]

Advisory CVE-2024-10081 references a vulnerability in the following Go modules:

Module
github.com/Ericsson/codechecker

Description:
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.

This issue affects CodeChecker: through 6.24.1.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-10081
• WEB: GHSA-f3f8-vx3w-hp5q

Cross references:

• github.com/Ericsson/codechecker appears in 2 other report(s):
  • data/excluded/GO-2022-0287.yaml (x/vulndb: potential Go vuln in github.com/Ericsson/codechecker: CVE-2021-44217 #287) NOT_GO_CODE
  • data/excluded/GO-2024-2946.yaml (x/vulndb: potential Go vuln in github.com/Ericsson/codechecker: CVE-2023-49793 #2946) NOT_GO_CODE

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/Ericsson/codechecker
      vulnerable_at: 6.24.4+incompatible
summary: CVE-2024-10081 in github.com/Ericsson/codechecker
cves:
    - CVE-2024-10081
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-10081
    - web: https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
source:
    id: CVE-2024-10081
    created: 2024-11-06T16:01:29.435014352Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/626557 mentions this issue: data/excluded: add 4 excluded reports