CVE-2023-1663

Name of the Vulnerable Software and Affected Versions Coverity versions prior to 2023.3.2

Description The issue is related to forced browsing, which exposes authenticated resources to unauthorized actors due to an insecurely configured servlet mapping for the underlying Apache Tomcat server. This results in the downloads directory and its contents being accessible.

Recommendations For versions prior to 2023.3.2, update to version 2023.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the downloads directory to minimize the risk of exploitation.