Juha Leivo

**Name of the Vulnerable Software and Affected Versions** Coverity versions prior to 2023.3.2 **Description** The issue is related to forced browsing, which exposes authenticated resources to unauthorized actors due to an insecurely configured servlet mapping for the underlying Apache Tomcat server. This results in the downloads directory and its contents being accessible. **Recommendations** For versions prior to 2023.3.2, update to version 2023.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the downloads directory to minimize the risk of exploitation.