Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
References
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663 - Permissions Required | |
References | () https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform - Vendor Advisory |
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
Summary | Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C) |
Information
Published : 2023-03-29 14:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1663
Mitre link : CVE-2023-1663
CVE.ORG link : CVE-2023-1663
JSON object : View
Products Affected
synopsys
- coverity
CWE
CWE-425
Direct Request ('Forced Browsing')