PRIOn knowledge base: PRION:CVE-2023-1663
History: Mar 29, 2023 - 2:15 p.m.

Design/Logic Flaw

2023-03-29 14:15:00
PRIOn knowledge base
www.prio-n.com
coverity
forced browsing
authenticated resources
unauthorized access
servlet mapping
apache tomcat
insecure configuration
downloads directory
cvss 3.1
nvd

AI Score: 5.2 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 29.8%)

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible.

CVSS: 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)

CPE
Name      Operator  Version
coverity  lt        2023.3.2
