Huong Kieu

**Name of the Vulnerable Software and Affected Versions** Coverity Connect (affected versions not specified) **Description** The authentication logic in the command line tooling for Coverity Connect is missing an error handler, leading to a potential authentication bypass. An attacker with access to the `/token` API endpoint and knowledge of a valid username can craft a specific HTTP request to bypass authentication. Successful exploitation allows an attacker to assume the privileges of the legitimate user. The `/token` API endpoint is involved in this issue. The `username` is a vulnerable parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.