CodeChecker Open Redirect Vulnerability Bypassing Previous Protections

Vulnerability

An open redirect vulnerability has been identified in CodeChecker versions through 6.24.5. This issue arises from inadequate handling of multiple slashes in the URL after the product name, allowing attackers to bypass existing protections against open redirects, specifically those related to CVE-2021-28861. The vulnerability enables the creation of links that appear to be legitimate CodeChecker URLs but redirect users to malicious sites.

Impact

Exploitation of this vulnerability allows for open redirection, where users are sent to an attacker-controlled website under the guise of a legitimate CodeChecker link.

Remediation

Users can upgrade to CodeChecker version 6.24.6 or later to address this vulnerability.
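For teams reviewing their own redirect handling for the same class of bug, the following Python example is added here and is not CodeChecker's code or its fix. It assumes a handler that strips a product prefix from the request path and reuses the remainder as a redirect target; `strip_product`, `is_external`, `safe_local_path` and the sample paths are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Control characters are stripped or reinterpreted by some clients; reject them outright.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def strip_product(path: str, product: str) -> str:
    """Hypothetical handler step: drop the leading '/<product>' from a request path."""
    prefix = "/" + product
    return path[len(prefix):] if path.startswith(prefix) else path


def is_external(target: str) -> bool:
    """True if a browser would resolve this Location value off-origin.

    A value starting with '//' is scheme-relative: the next segment is read
    as a host name, not as a path. Browsers also treat '\\' like '/'.
    """
    parts = urlsplit(target.replace("\\", "/"))
    return bool(parts.scheme or parts.netloc)


def safe_local_path(candidate: str, fallback: str = "/") -> str:
    """Return a same-origin path that is safe to place in a Location header."""
    if _CONTROL.search(candidate):
        return fallback
    # Collapse any run of leading slashes or backslashes to a single '/'.
    path = "/" + candidate.replace("\\", "/").lstrip("/")
    # Defense in depth: re-parse and refuse anything that still names a host.
    return fallback if is_external(path) else path


if __name__ == "__main__":
    # Constructed sample: extra slash after the product name.
    remainder = strip_product("/Default//example.invalid/login", "Default")
    print(remainder, is_external(remainder), safe_local_path(remainder))
```

The same `is_external` check can be run over the request paths in access logs to find requests whose remainder after the product name would have been treated as a host.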

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.