Tristan

Researcher from Thales Digital Factory Red Team
#31486 of 53,634
8.1 Total CVSS
Vulnerabilities · 1
PT-2023-19250
8.1
2023-02-06
Synopsys · Coverity Connect · CVE-2023-23849
**Name of the Vulnerable Software and Affected Versions**

Coverity Connect versions prior to 2022.12.0

**Description**

The issue is an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same subdomain can set a cookie for the whole subdomain, which can be used to bypass other mitigations in place for malicious purposes.

**Recommendations**

For versions prior to 2022.12.0, update to version 2022.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to web services hosted on the same subdomain to minimize the risk of exploitation.