CVE-2024-10081: 
Python vulnerability analysis and mitigation

CodeChecker, an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy, was found to contain a critical authentication bypass vulnerability (CVE-2024-10081). The vulnerability affects versions through 6.24.1 and occurs when the API URL ends with Authentication. This bypass allows unauthorized superuser access to all API endpoints other than Authentication, including functionality to add, edit, and remove products (NVD, GitHub Advisory).

The vulnerability occurs when API URLs end with Authentication, Configuration, or ServerInfo. The authentication bypass affects all endpoints except /Authentication, allowing unauthenticated users to access all API functionality. The vulnerability has been assigned a CVSS v3.1 base score of 10.0 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N, indicating network attack vector, low attack complexity, no privileges required, and no user interaction needed (GitHub Advisory).

The vulnerability allows unauthenticated users to query, add, change, and delete Products contained on the CodeChecker server without authentication. This gives anonymous users superuser access to critical functionality, potentially compromising the integrity and confidentiality of the system (GitHub Advisory).

The vulnerability has been patched in version 6.24.2. Users are advised to upgrade to this version to address the security issue (GitHub Advisory).