2 matches found
CVE-2023-23849
Coverity Connect versions prior to 2022.12.0 are vulnerable to an unauthenticated Cross‑Site Scripting (XSS) vulnerability. An attacker could leverage this to have a web service on the same subdomain set a cookie for the entire subdomain, potentially bypassing other mitigations and enabling furth...
CVE-2023-1663
CVE-2023-1663 affects Coverity Connect prior to 2023.3.2. The root cause is an insecurely configured servlet mapping in the underlying Apache Tomcat, leading to a forced browsing vulnerability where the downloads directory and its contents become accessible to unauthorized actors. Affected softwa...