Vulnerability Description
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synopsys | Coverity | < 2023.3.2 |
Related Weaknesses (CWE)
References
- https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-ExposPermissions Required
- https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-Vendor Advisory
- https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-ExposPermissions Required
- https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-Vendor Advisory
FAQ
What is CVE-2023-1663?
CVE-2023-1663 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured se...
How severe is CVE-2023-1663?
CVE-2023-1663 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1663?
Check the references section above for vendor advisories and patch information. Affected products include: Synopsys Coverity.