An elevated privileges issue was identified in Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
Symptoms
**** Only the following information is permitted to be distributed to users of products enabled with Code Insight:
- CVE number (if available)
- CWE ID
- CVSS scores
- Any publicly available information
****
The elevated privileges issue allows unauthorized users to use Spring MVC calls to access projects for critical business use cases. This issue was assigned a CVSS v3 score of 8.0; that is high severity.
Resolution
Code Insight 2020 R1 SP1 release (7.11.1-7) or later address the elevated privilege issue. This version (or greater) is available for download on the Product and License Center. We advise Code Insight customers to update to the latest version.
Additional Information
For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank Goutham Madhwaraj.
