CVE Record: CVE-2023-23849

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C

CWE 1 Total

CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Status

Versions 1 Total

Default Status: unknown

affected

References 1 Total

https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-23849-affecting-Coverity
external site

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-23849-affecting-Coverity
external site
x_transferred

Authorized Data Publishers