NIXPKGS-2026-1265

GitHub issue published 1 month, 4 weeks ago

Permalink CVE-2026-25660

updated 1 month, 4 weeks ago by @LeSuisse Activity log

Created suggestion 2 months ago
@LeSuisse accepted 1 month, 4 weeks ago
@LeSuisse published on GitHub 1 month, 4 weeks ago

Authentication bypass for certain API calls

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645 vendor-advisory

Affected products

CodeChecker

=<6.27.3

Matching in nixpkgs

pkgs.codechecker

Analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

nixos-unstable 6.24.0
- nixpkgs-unstable 6.24.0
- nixos-unstable-small 6.24.0

Package maintainers

@felixsinger Felix Singer <felixsinger@posteo.net>
@zebreus Lennart Eichhorn <lennarteichhorn+nixpkgs@gmail.com>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1265

References

Affected products

Matching in nixpkgs

pkgs.codechecker

Package maintainers