nvd-json-data-feeds/CVE-2023/CVE-2023-238xx/CVE-2023-23849.json

{
  "id": "CVE-2023-23849",
  "sourceIdentifier": "disclosure@synopsys.com",
  "published": "2023-02-06T23:15:10.067",
  "lastModified": "2023-02-14T23:39:12.903",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C"
    },
    {
      "lang": "es",
      "value": "Las versiones de Coverity Connect anteriores a 2022.12.0 se ven afectadas por una vulnerabilidad de cross-site scripting no autenticadas. Cualquier servicio web alojado en el mismo subdominio puede configurar una cookie para todo el subdominio que puede usarse para evitar otras mitigaciones implementadas con fines maliciosos. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "disclosure@synopsys.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:synopsys:coverity:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "2022.12.0",
              "matchCriteriaId": "332F5E1D-49AD-4A7E-B5E5-F91E17E690D5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-23849-affecting-Coverity",
      "source": "disclosure@synopsys.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}