Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: SNPS
Published: 2023-03-29T13:16:40.269Z
Updated: 2023-03-29T13:16:40.269Z
Reserved: 2023-03-27T16:21:21.908Z
Link: CVE-2023-1663
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-29T14:15:07.453
Modified: 2023-11-07T04:04:31.937
Link: CVE-2023-1663
JSON object: View
Redhat Information
No data.
CWE