Vulnerabilites related to apache - couchdb
cve-2010-3854
Vulnerability from cvelistv5
Published
2011-02-02 00:00
Modified
2024-08-07 03:26
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/65050 | vdb-entry, x_refsource_XF | |
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E | mailing-list, x_refsource_MLIST | |
http://osvdb.org/70734 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2011/0263 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/46066 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/516058/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/43111 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1025013 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:26:12.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "couchdb-adminui-xss(65050)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65050" }, { "name": "[couchdb-dev] 20110128 CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E" }, { "name": "70734", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70734" }, { "name": "ADV-2011-0263", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0263" }, { "name": "46066", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46066" }, { "name": "20110128 CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516058/100/0/threaded" }, { "name": "43111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43111" }, { "name": "1025013", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "couchdb-adminui-xss(65050)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65050" }, { "name": "[couchdb-dev] 20110128 CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E" }, { "name": "70734", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70734" }, { "name": "ADV-2011-0263", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0263" }, { "name": "46066", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46066" }, { "name": "20110128 CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/516058/100/0/threaded" }, { "name": "43111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43111" }, { "name": "1025013", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025013" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3854", "datePublished": "2011-02-02T00:00:00", "dateReserved": "2010-10-08T00:00:00", "dateUpdated": "2024-08-07T03:26:12.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38295
Vulnerability from cvelistv5
Published
2021-10-14 19:55
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2
References
▼ | URL | Tags |
---|---|---|
https://docs.couchdb.org/en/stable/cve/2021-38295.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Apache Software Foundation | Apache CouchDB |
Version: Apache CouchDB < 3.1.2 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "Apache CouchDB", "versionType": "custom" } ] }, { "product": "IBM Cloudant", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "8201", "status": "affected", "version": "IBM Cloudant", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was identified by Cory Sabol of Secure Ideas." } ], "descriptions": [ { "lang": "en", "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2" } ], "metrics": [ { "other": { "content": { "other": "low" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-14T19:55:12", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Privilege escalation vulnerability when using HTML attachments", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-38295", "STATE": "PUBLIC", "TITLE": "Privilege escalation vulnerability when using HTML attachments" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "Apache CouchDB", "version_value": "3.1.2" } ] } } ] }, "vendor_name": "Apache Software Foundation" }, { "product": { "product_data": [ { "product_name": "IBM Cloudant", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "IBM Cloudant", "version_value": "8201" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "This issue was identified by Cory Sabol of Secure Ideas." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "low" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege escalation" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.couchdb.org/en/stable/cve/2021-38295.html", "refsource": "MISC", "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-38295", "datePublished": "2021-10-14T19:55:12", "dateReserved": "2021-08-09T00:00:00", "dateUpdated": "2024-08-04T01:37:16.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12636
Vulnerability from cvelistv5
Published
2017-11-14 20:00
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/45019/ | exploit, x_refsource_EXPLOIT-DB | |
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://www.exploit-db.com/exploits/44913/ | exploit, x_refsource_EXPLOIT-DB | |
https://security.gentoo.org/glsa/201711-16 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html | mailing-list, x_refsource_MLIST | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: 1.2.0 to 1.6.1 Version: 2.0.0 to 2.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45019", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45019/" }, { "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "name": "44913", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44913/" }, { "name": "GLSA-201711-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.2.0 to 1.6.1" }, { "status": "affected", "version": "2.0.0 to 2.1.0" } ] } ], "datePublic": "2017-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-13T18:06:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "45019", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45019/" }, { "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "name": "44913", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44913/" }, { "name": "GLSA-201711-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-12636", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "1.2.0 to 1.6.1" }, { "version_value": "2.0.0 to 2.1.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "45019", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45019/" }, { "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E" }, { "name": "44913", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44913/" }, { "name": "GLSA-201711-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-16" }, { "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-12636", "datePublished": "2017-11-14T20:00:00Z", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-09-16T18:48:31.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17188
Vulnerability from cvelistv5
Published
2019-01-02 14:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.
References
▼ | URL | Tags |
---|---|---|
https://blog.couchdb.org/2018/12/17/cve-2018-17188/ | x_refsource_MISC | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: All |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:39:59.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.couchdb.org/2018/12/17/cve-2018-17188/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2019-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Privilege Escalations", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T23:06:05", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.couchdb.org/2018/12/17/cve-2018-17188/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2018-17188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Privilege Escalations" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.couchdb.org/2018/12/17/cve-2018-17188/", "refsource": "MISC", "url": "https://blog.couchdb.org/2018/12/17/cve-2018-17188/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-17188", "datePublished": "2019-01-02T14:00:00", "dateReserved": "2018-09-19T00:00:00", "dateUpdated": "2024-08-05T10:39:59.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26268
Vulnerability from cvelistv5
Published
2023-05-02 20:06
Modified
2024-10-15 18:11
Severity ?
EPSS score ?
Summary
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:
* validate_doc_update
* list
* filter
* filter views (using view functions as filters)
* rewrite
* update
This doesn't affect map/reduce or search (Dreyfus) index functions.
Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).
Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp | vendor-advisory | |
https://docs.couchdb.org/en/stable/cve/2023-26268.html | release-notes | |
https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Apache Software Foundation | Apache CouchDB |
Version: 0 ≤ 3.3.1 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp" }, { "tags": [ "release-notes", "x_transferred" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26268", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T18:11:10.609683Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T18:11:19.560Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "3.3.1", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IBM Cloudant", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "8349", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Nick Vatamaniuc vatamane@apache.org" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDesign documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evalidate_doc_update\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elist\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efilter\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efilter views (using view functions as filters)\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003er\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eewrite\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eupdate\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis doesn\u0027t affect map/reduce or search (Dreyfus) index functions.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\u003c/span\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\u003c/span\u003e\u003c/div\u003e" } ], "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn\u0027t affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-02T20:06:09.352Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp" }, { "tags": [ "release-notes" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl" } ], "source": { "discovery": "INTERNAL" }, "title": "Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-26268", "datePublished": "2023-05-02T20:06:09.352Z", "dateReserved": "2023-02-21T08:19:47.658Z", "dateUpdated": "2024-10-15T18:11:19.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2668
Vulnerability from cvelistv5
Published
2014-03-28 16:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/92161 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/66474 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/57572 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.exploit-db.com/exploits/32519 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securitytracker.com/id/1029967 | vdb-entry, x_refsource_SECTRACK | |
http://packetstormsecurity.com/files/125889 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "apache-couchdb-cve20142668-dos(92161)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" }, { "name": "66474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66474" }, { "name": "57572", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57572" }, { "name": "openSUSE-SU-2014:0526", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" }, { "name": "32519", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/32519" }, { "name": "1029967", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029967" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/125889" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "apache-couchdb-cve20142668-dos(92161)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" }, { "name": "66474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66474" }, { "name": "57572", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57572" }, { "name": "openSUSE-SU-2014:0526", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" }, { "name": "32519", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/32519" }, { "name": "1029967", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029967" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/125889" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "apache-couchdb-cve20142668-dos(92161)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" }, { "name": "66474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66474" }, { "name": "57572", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57572" }, { "name": "openSUSE-SU-2014:0526", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" }, { "name": "32519", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/32519" }, { "name": "1029967", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029967" }, { "name": "http://packetstormsecurity.com/files/125889", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/125889" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2668", "datePublished": "2014-03-28T16:00:00", "dateReserved": "2014-03-28T00:00:00", "dateUpdated": "2024-08-06T10:21:36.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5649
Vulnerability from cvelistv5
Published
2014-05-23 14:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/57314 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/51765 | third-party-advisory, x_refsource_SECUNIA | |
http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html | mailing-list, x_refsource_BUGTRAQ | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html | vendor-advisory, x_refsource_FEDORA | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:067 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57314", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57314" }, { "name": "51765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51765" }, { "name": "20130114 CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html" }, { "name": "FEDORA-2013-1387", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html" }, { "name": "FEDORA-2013-1375", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html" }, { "name": "MDVSA-2013:067", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:067" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-23T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57314", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57314" }, { "name": "51765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51765" }, { "name": "20130114 CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html" }, { "name": "FEDORA-2013-1387", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html" }, { "name": "FEDORA-2013-1375", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html" }, { "name": "MDVSA-2013:067", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:067" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5649", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57314", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57314" }, { "name": "51765", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51765" }, { "name": "20130114 CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html" }, { "name": "FEDORA-2013-1387", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html" }, { "name": "FEDORA-2013-1375", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html" }, { "name": "MDVSA-2013:067", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:067" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5649", "datePublished": "2014-05-23T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0009
Vulnerability from cvelistv5
Published
2010-04-05 16:00
Modified
2024-08-07 00:30
Severity ?
EPSS score ?
Summary
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/39116 | vdb-entry, x_refsource_BID | |
https://bugzilla.redhat.com/show_bug.cgi?id=578572 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/510427/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/39146 | third-party-advisory, x_refsource_SECUNIA | |
http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html | mailing-list, x_refsource_BUGTRAQ | |
http://couchdb.apache.org/security.html | x_refsource_CONFIRM | |
http://www.osvdb.org/63350 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:30:47.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39116", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/39116" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578572" }, { "name": "20100331 [SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/510427/100/0/threaded" }, { "name": "39146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39146" }, { "name": "20100331 [SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://couchdb.apache.org/security.html" }, { "name": "63350", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/63350" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "39116", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/39116" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578572" }, { "name": "20100331 [SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/510427/100/0/threaded" }, { "name": "39146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39146" }, { "name": "20100331 [SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://couchdb.apache.org/security.html" }, { "name": "63350", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/63350" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0009", "datePublished": "2010-04-05T16:00:00", "dateReserved": "2009-12-14T00:00:00", "dateUpdated": "2024-08-07T00:30:47.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2234
Vulnerability from cvelistv5
Published
2010-08-19 20:00
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2010/Aug/199 | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/archive/1/513174/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://bugzilla.redhat.com/show_bug.cgi?id=624764 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/42501 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:07.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2010/Aug/199" }, { "name": "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764" }, { "name": "42501", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/42501" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2010/Aug/199" }, { "name": "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764" }, { "name": "42501", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/42501" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2234", "datePublished": "2010-08-19T20:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2024-08-07T02:25:07.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14889
Vulnerability from cvelistv5
Published
2018-09-21 21:00
Modified
2024-08-05 09:46
Severity ?
EPSS score ?
Summary
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://vectra.ai/security-advisories | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:46:24.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://vectra.ai/security-advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-21T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://vectra.ai/security-advisories" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14889", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://vectra.ai/security-advisories", "refsource": "CONFIRM", "url": "https://vectra.ai/security-advisories" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14889", "datePublished": "2018-09-21T21:00:00", "dateReserved": "2018-08-03T00:00:00", "dateUpdated": "2024-08-05T09:46:24.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24706
Vulnerability from cvelistv5
Published
2022-04-26 00:00
Modified
2025-01-29 16:14
Severity ?
EPSS score ?
Summary
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: Apache CouchDB < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00" }, { "tags": [ "x_transferred" ], "url": "https://docs.couchdb.org/en/3.2.2/setup/cluster.html" }, { "name": "[oss-security] 20220426 CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/04/26/1" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/1" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/3" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/4" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-24706", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T16:14:35.670152Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-08-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24706" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2025-01-29T16:14:43.712Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "3.2.1", "status": "affected", "version": "Apache CouchDB", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "The Apache CouchDB Team would like to thank Alex Vandiver \u003calexmv@zulip.com\u003e for the report of this issue." } ], "descriptions": [ { "lang": "en", "value": "In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations." } ], "metrics": [ { "other": { "content": { "other": "critical" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-02T00:00:00.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00" }, { "url": "https://docs.couchdb.org/en/3.2.2/setup/cluster.html" }, { "name": "[oss-security] 20220426 CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/04/26/1" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/1" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/3" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/4" }, { "name": "[oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/2" }, { "url": "http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html" }, { "url": "https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd" }, { "url": "http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Remote Code Execution Vulnerability in Packaging", "workarounds": [ { "lang": "en", "value": "CouchDB 3.2.2 and onwards will refuse to start with the former default\nErlang cookie value of `monster`. Installations that upgrade to this\nversions are forced to choose a different value.\n\nIn addition, all binary packages have been updated to bind `epmd` as\nwell as the CouchDB distribution port to `127.0.0.1` and/or `::1`\nrespectively." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-24706", "datePublished": "2022-04-26T00:00:00.000Z", "dateReserved": "2022-02-10T00:00:00.000Z", "dateUpdated": "2025-01-29T16:14:43.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2953
Vulnerability from cvelistv5
Published
2010-09-14 18:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.
References
▼ | URL | Tags |
---|---|---|
http://www.nth-dimension.org.uk/blog.php?id=87 | x_refsource_MISC | |
http://www.vupen.com/english/advisories/2010/2341 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/41383 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/42758 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2010/08/29/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/08/26/5 | mailing-list, x_refsource_MLIST | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2010/08/26/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/08/25/7 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2010/dsa-2107 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:45.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nth-dimension.org.uk/blog.php?id=87" }, { "name": "ADV-2010-2341", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2341" }, { "name": "41383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41383" }, { "name": "42758", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/42758" }, { "name": "[oss-security] 20100829 Hardening the linker (was Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only))", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/29/4" }, { "name": "[oss-security] 20100826 Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/26/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412" }, { "name": "[oss-security] 20100826 Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/26/1" }, { "name": "[oss-security] 20100825 CVE request: CouchDB insecure library loading (Debian/Ubuntu only)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/7" }, { "name": "DSA-2107", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2107" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-09-14T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.nth-dimension.org.uk/blog.php?id=87" }, { "name": "ADV-2010-2341", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2341" }, { "name": "41383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41383" }, { "name": "42758", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/42758" }, { "name": "[oss-security] 20100829 Hardening the linker (was Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only))", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/29/4" }, { "name": "[oss-security] 20100826 Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/26/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412" }, { "name": "[oss-security] 20100826 Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/26/1" }, { "name": "[oss-security] 20100825 CVE request: CouchDB insecure library loading (Debian/Ubuntu only)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/7" }, { "name": "DSA-2107", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2107" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2953", "datePublished": "2010-09-14T18:00:00Z", "dateReserved": "2010-08-04T00:00:00Z", "dateUpdated": "2024-08-07T02:55:45.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45725
Vulnerability from cvelistv5
Published
2023-12-13 08:02
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | vendor-advisory | |
https://docs.couchdb.org/en/stable/cve/2023-45725.html | release-notes |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Apache Software Foundation | Apache CouchDB |
Version: 0 ≤ 3.3.2 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:31.714Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg" }, { "tags": [ "release-notes", "x_transferred" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "3.3.2", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IBM Cloudant", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "8413", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Natan Nehorai from the JFrog Vulnerability Research Team" }, { "lang": "en", "type": "reporter", "value": "Or Peles from the JFrog Vulnerability Research Team" }, { "lang": "en", "type": "finder", "value": "Richard Ellis from IBM/Cloudant Team" }, { "lang": "en", "type": "finder", "value": "Mike Rhodes from IBM/Cloudant Team" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\u003cbr\u003e\u003cbr\u003eThese design document functions are:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u0026nbsp; list\u003c/li\u003e\u003cli\u003e\u0026nbsp; show\u003c/li\u003e\u003cli\u003e\u0026nbsp; rewrite\u003c/li\u003e\u003cli\u003e\u0026nbsp; update\u003c/li\u003e\u003c/ul\u003eAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\u003cbr\u003e\u003cbr\u003eFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\u003cbr\u003e\u003cbr\u003eWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object\u0027s headers\u003cbr\u003e" } ], "value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\n\nThese design document functions are:\n * \u00a0 list\n * \u00a0 show\n * \u00a0 rewrite\n * \u00a0 update\n\nAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\n\nFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object\u0027s headers\n" } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T08:02:17.326Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg" }, { "tags": [ "release-notes" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-45725", "datePublished": "2023-12-13T08:02:17.326Z", "dateReserved": "2023-10-10T21:35:31.623Z", "dateUpdated": "2024-08-02T20:29:31.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-1955
Vulnerability from cvelistv5
Published
2020-05-20 13:53
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue.
References
▼ | URL | Tags |
---|---|---|
https://docs.couchdb.org/en/master/cve/2020-1955.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Apache CouchDB |
Version: Apache CouchDB 3.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:54:00.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.couchdb.org/en/master/cve/2020-1955.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache CouchDB 3.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Privilege Escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-20T13:53:44", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.couchdb.org/en/master/cve/2020-1955.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-1955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "Apache CouchDB 3.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Privilege Escalation" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.couchdb.org/en/master/cve/2020-1955.html", "refsource": "MISC", "url": "https://docs.couchdb.org/en/master/cve/2020-1955.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-1955", "datePublished": "2020-05-20T13:53:44", "dateReserved": "2019-12-02T00:00:00", "dateUpdated": "2024-08-04T06:54:00.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5650
Vulnerability from cvelistv5
Published
2014-03-18 14:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
References
▼ | URL | Tags |
---|---|---|
http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E | mailing-list, x_refsource_MLIST | |
http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[couchdb-user] 20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E" }, { "name": "20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-23T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[couchdb-user] 20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E" }, { "name": "20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[couchdb-user] 20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E" }, { "name": "20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5650", "datePublished": "2014-03-18T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5641
Vulnerability from cvelistv5
Published
2014-03-18 14:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/57313 | vdb-entry, x_refsource_BID | |
http://seclists.org/fulldisclosure/2013/Jan/81 | mailing-list, x_refsource_FULLDISC | |
http://secunia.com/advisories/51765 | third-party-advisory, x_refsource_SECUNIA | |
https://github.com/mochi/mochiweb/issues/92 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81240 | vdb-entry, x_refsource_XF | |
https://github.com/melkote/mochiweb/commit/ac2bf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57313", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57313" }, { "name": "20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2013/Jan/81" }, { "name": "51765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51765" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/mochi/mochiweb/issues/92" }, { "name": "apache-couchdb-dir-traversal(81240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/melkote/mochiweb/commit/ac2bf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the default URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57313", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57313" }, { "name": "20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Jan/81" }, { "name": "51765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51765" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/mochi/mochiweb/issues/92" }, { "name": "apache-couchdb-dir-traversal(81240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/melkote/mochiweb/commit/ac2bf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5641", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the default URI." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57313", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57313" }, { "name": "20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Jan/81" }, { "name": "51765", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51765" }, { "name": "https://github.com/mochi/mochiweb/issues/92", "refsource": "CONFIRM", "url": "https://github.com/mochi/mochiweb/issues/92" }, { "name": "apache-couchdb-dir-traversal(81240)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240" }, { "name": "https://github.com/melkote/mochiweb/commit/ac2bf", "refsource": "CONFIRM", "url": "https://github.com/melkote/mochiweb/commit/ac2bf" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5641", "datePublished": "2014-03-18T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11769
Vulnerability from cvelistv5
Published
2018-08-08 15:00
Modified
2024-09-16 17:59
Severity ?
EPSS score ?
Summary
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105046 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201812-06 | vendor-advisory, x_refsource_GENTOO | |
https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75%40%3Cdev.couchdb.apache.org%3E | x_refsource_MISC | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: Apache Tomcat 1.x and =2.1.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:17:09.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105046" }, { "name": "GLSA-201812-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75%40%3Cdev.couchdb.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Tomcat 1.x and =2.1.2" } ] } ], "datePublic": "2018-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T23:06:07", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "105046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105046" }, { "name": "GLSA-201812-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75%40%3Cdev.couchdb.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-08-08T00:00:00", "ID": "CVE-2018-11769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "Apache Tomcat 1.x and =2.1.2" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "105046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105046" }, { "name": "GLSA-201812-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201812-06" }, { "name": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11769", "datePublished": "2018-08-08T15:00:00Z", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-09-16T17:59:21.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8742
Vulnerability from cvelistv5
Published
2018-02-12 17:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
References
▼ | URL | Tags |
---|---|---|
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E | mailing-list, x_refsource_MLIST | |
https://www.exploit-db.com/exploits/40865/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/94766 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: 2.0.0 (Windows platform only) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:34:59.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[couchdb-dev] 20161208 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E" }, { "name": "40865", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40865/" }, { "name": "94766", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94766" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.0.0 (Windows platform only)" } ] } ], "datePublic": "2016-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1." } ], "problemTypes": [ { "descriptions": [ { "description": "File permissions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[couchdb-dev] 20161208 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E" }, { "name": "40865", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40865/" }, { "name": "94766", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94766" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2016-12-08T00:00:00", "ID": "CVE-2016-8742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "2.0.0 (Windows platform only)" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File permissions" } ] } ] }, "references": { "reference_data": [ { "name": "[couchdb-dev] 20161208 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E" }, { "name": "40865", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40865/" }, { "name": "94766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94766" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-8742", "datePublished": "2018-02-12T17:00:00Z", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2024-09-17T00:26:42.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8007
Vulnerability from cvelistv5
Published
2018-07-11 13:00
Modified
2024-09-16 17:04
Severity ?
EPSS score ?
Summary
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: < 1.7.2 Version: 2.0.0 to 2.1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:46:11.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e" }, { "name": "GLSA-201812-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" }, { "name": "104741", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104741" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "\u003c 1.7.2" }, { "status": "affected", "version": "2.0.0 to 2.1.1" } ] } ], "datePublic": "2018-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2." } ], "problemTypes": [ { "descriptions": [ { "description": "Administrative Privilege Escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T23:06:06", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e" }, { "name": "GLSA-201812-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" }, { "name": "104741", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104741" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-07-10T00:00:00", "ID": "CVE-2018-8007", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "\u003c 1.7.2" }, { "version_value": "2.0.0 to 2.1.1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Administrative Privilege Escalation" } ] } ] }, "references": { "reference_data": [ { "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan@RITA%3e" }, { "name": "GLSA-201812-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201812-06" }, { "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" }, { "name": "104741", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104741" }, { "name": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/", "refsource": "MISC", "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" }, { "name": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/", "refsource": "CONFIRM", "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "name": "FEDORA-2020-83f513fd7e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "name": "FEDORA-2020-73bd8167a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-8007", "datePublished": "2018-07-11T13:00:00Z", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-09-16T17:04:00.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12635
Vulnerability from cvelistv5
Published
2017-11-14 20:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44498/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.exploit-db.com/exploits/45019/ | exploit, x_refsource_EXPLOIT-DB | |
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201711-16 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/101868 | vdb-entry, x_refsource_BID | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache CouchDB |
Version: 1.2.0 to 1.6.1 Version: 2.0.0 to 2.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44498", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44498/" }, { "name": "45019", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45019/" }, { "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "name": "GLSA-201711-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "name": "101868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.2.0 to 1.6.1" }, { "status": "affected", "version": "2.0.0 to 2.1.0" } ] } ], "datePublic": "2017-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for \u0027roles\u0027 used for access control within the database, including the special case \u0027_admin\u0027 role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two \u0027roles\u0027 keys are available in the JSON, the second one will be used for authorising the document write, but the first \u0027roles\u0027 key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-13T18:06:09", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "44498", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44498/" }, { "name": "45019", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45019/" }, { "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "name": "GLSA-201711-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "name": "101868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-12635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CouchDB", "version": { "version_data": [ { "version_value": "1.2.0 to 1.6.1" }, { "version_value": "2.0.0 to 2.1.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for \u0027roles\u0027 used for access control within the database, including the special case \u0027_admin\u0027 role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two \u0027roles\u0027 keys are available in the JSON, the second one will be used for authorising the document write, but the first \u0027roles\u0027 key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "44498", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44498/" }, { "name": "45019", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45019/" }, { "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E" }, { "name": "GLSA-201711-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-16" }, { "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "name": "101868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101868" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-12635", "datePublished": "2017-11-14T20:00:00Z", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-09-17T01:31:53.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2014-03-18 17:02
Modified
2024-11-21 01:45
Severity ?
Summary
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | couchdb | * | |
apache | couchdb | 1.0.0 | |
apache | couchdb | 1.0.1 | |
apache | couchdb | 1.0.2 | |
apache | couchdb | 1.1.0 | |
apache | couchdb | 1.1.1 | |
apache | couchdb | 1.2.0 | |
mochiweb_project | mochiweb | * | |
mochiweb_project | mochiweb | 2.1.0 | |
mochiweb_project | mochiweb | 2.2.0 | |
mochiweb_project | mochiweb | 2.2.1 | |
mochiweb_project | mochiweb | 2.3.0 | |
mochiweb_project | mochiweb | 2.3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B47DCC-A6D4-452D-914D-2C3261022ECF", "versionEndIncluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6572D2CB-472B-4CF0-B802-F52C12BA88BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3142CB-1AF1-456D-AF66-3701FECBD490", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00AEAD55-82F4-4B18-A7DA-56B0D3EFAF3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3513A36D-5D92-4CDC-AA96-F3E2A390B493", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B49729E5-5B82-47AB-A9A6-5ED7C725591C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4C2436A-0E85-44F8-9691-B193D8E3B8A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mochiweb_project:mochiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD552EB6-A95F-4B80-B5B1-FBAB83CBCC77", "versionEndIncluding": "2.3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mochiweb_project:mochiweb:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "172A46BC-F900-4407-8968-A28D10BEFC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mochiweb_project:mochiweb:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "91783915-10E5-4798-BF53-F8F14133FE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mochiweb_project:mochiweb:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4150C96-780E-45F7-A7BB-4B8C9331C8F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mochiweb_project:mochiweb:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBEBF7F-68BE-48E6-AE24-F1430296D63F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mochiweb_project:mochiweb:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3DD416F-E07A-480B-9D66-EE001E1AB9AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the default URI." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n partition2 en mochiweb_util.erl en MochiWeb anterior a 2.4.0, utilizado en Apache CouchDB anterior a 1.0.4, 1.1.x anterior a 1.1.2 y 1.2.x anterior a 1.2.1, permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un ..\\ (punto punto barra invertida) en la URI por defecto." } ], "id": "CVE-2012-5641", "lastModified": "2024-11-21T01:45:01.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-18T17:02:49.637", "references": [ { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2013/Jan/81" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51765" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57313" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/melkote/mochiweb/commit/ac2bf" }, { "source": "secalert@redhat.com", "url": "https://github.com/mochi/mochiweb/issues/92" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2013/Jan/81" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/melkote/mochiweb/commit/ac2bf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/mochi/mochiweb/issues/92" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-28 16:51
Modified
2024-11-21 02:06
Severity ?
Summary
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F14F6507-3C19-43E2-BC78-5C4036F62872", "versionEndIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids." }, { "lang": "es", "value": "Apache CouchDB 1.5.0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y memoria) a trav\u00e9s del par\u00e1metro count hacia /_uuids." } ], "id": "CVE-2014-2668", "lastModified": "2024-11-21T02:06:45.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-28T16:51:06.127", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/125889" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57572" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/32519" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/66474" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029967" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/125889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/32519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/66474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-08 15:29
Modified
2024-11-21 03:43
Severity ?
Summary
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "284AD9A0-E79C-4AC9-89E8-46FD8FB29E1D", "versionEndExcluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007." }, { "lang": "es", "value": "Los usuarios administrativos de CouchDB en versiones anteriores a la 2.2.0 pueden configurar el servidor de la base de datos mediante HTTP(S). Debido a la validaci\u00f3n insuficiente de las opciones de configuraci\u00f3n proporcionadas por el administrador mediante la API HTTP, es posible que un usuario administrador de CouchDB escale sus privilegios a los del usuario del sistema operativo bajo el que se ejecuta CouchDB. Esto se realiza mediante la omisi\u00f3n de la lista negra de opciones de configuraci\u00f3n que no pueden ser modificadas mediante la API HTTP. Este escalado de privilegios permite que un usuario admin de CouchDB pueda ejecutar c\u00f3digo de forma remota mediante la omisi\u00f3n del CVE-2017-12636 y el CVE-2018-8007." } ], "id": "CVE-2018-11769", "lastModified": "2024-11-21T03:43:59.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-08T15:29:00.257", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105046" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75%40%3Cdev.couchdb.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "source": "security@apache.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75%40%3Cdev.couchdb.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-14 20:29
Modified
2024-11-21 03:09
Severity ?
Summary
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE0A7F-2D9E-4B71-AB1D-F7E51FAF8839", "versionEndExcluding": "1.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C28D397-7FB6-472F-A602-C2E7E4CCC7D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "20694545-A117-4327-9704-E4E9C26C0A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "53337458-D551-42E3-825D-1E94AB8409D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C6848350-0CDC-4CB1-B6DB-1A47227F10AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "2A820A52-9170-4E32-B224-1C9E7F48A6D2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for \u0027roles\u0027 used for access control within the database, including the special case \u0027_admin\u0027 role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two \u0027roles\u0027 keys are available in the JSON, the second one will be used for authorising the document write, but the first \u0027roles\u0027 key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges." }, { "lang": "es", "value": "Debido a las diferencias en el analizador sint\u00e1ctico de JSON basado en Erlang y el el analizador sint\u00e1ctico de JSON basado en JavaScript, es posible que, en versiones anteriores a la 1.7.0 y en las versiones 2.x anteriores a la 2.1.1 de Apache CouchDB, se puedan enviar documentos _users con claves duplicadas para \"roles\" empleados para el control de acceso en la base de datos, incluyendo el caso especial del rol \"_admin\", que denota a los usuarios administrativos. Esto puede utilizarse conjuntamente con CVE-2017-12636 (ejecuci\u00f3n remota de c\u00f3digo) para dar acceso a usuarios no administradores a comandos shell arbitrarios en el servidor como el usuario del sistema de la base de datos. Las diferencias entre analizadores sint\u00e1cticos de JSON resultan en un comportamiento por el cual, si dos claves \"roles\" est\u00e1n disponibles en el JSON, la segunda se emplear\u00e1 para autorizar la escritura del documento, pero la primera clave \"roles\" se emplea para la subsecuente autorizaci\u00f3n para el usuario recientemente creado. Por dise\u00f1o, los usuarios no pueden asignase roles a s\u00ed mismos. La vulnerabilidad permite que usuarios no administradores se autoasignen privilegios de administrador." } ], "id": "CVE-2017-12635", "lastModified": "2024-11-21T03:09:56.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-14T20:29:00.200", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101868" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "source": "security@apache.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "security@apache.org", "url": "https://www.exploit-db.com/exploits/44498/" }, { "source": "security@apache.org", "url": "https://www.exploit-db.com/exploits/45019/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44498/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/45019/" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-05 16:30
Modified
2024-11-21 01:11
Severity ?
Summary
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C34E385-5C4A-40B7-B885-9C4E8650951E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "851F7B38-A8DE-4C8C-B269-17341BD65FA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E309D1E-3E22-4DF0-9A5C-D40640046600", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "83D814EB-31BB-41DD-923D-E4379B3875E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "59EB2847-CACC-42A1-88FF-73E638E5F9DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "3057284C-DD40-4F03-BC6A-E41E5CF53FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B8F76AB-6794-44BE-AE6B-34B52690A2DE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords." }, { "lang": "es", "value": "Apache CouchDB v0.8.0 hasta v0.10.1 permite a atacantes remotos conseguir informaci\u00f3n sensible midiedfo el tiempo de completar las operaciones que verifican (1) hashes o (2) passwords." } ], "id": "CVE-2010-0009", "lastModified": "2024-11-21T01:11:19.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-05T16:30:00.547", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://couchdb.apache.org/security.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39146" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/63350" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/510427/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/39116" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://couchdb.apache.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/63350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510427/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578572" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-14 20:29
Modified
2024-11-21 03:09
Severity ?
Summary
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE0A7F-2D9E-4B71-AB1D-F7E51FAF8839", "versionEndExcluding": "1.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C28D397-7FB6-472F-A602-C2E7E4CCC7D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "20694545-A117-4327-9704-E4E9C26C0A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "53337458-D551-42E3-825D-1E94AB8409D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C6848350-0CDC-4CB1-B6DB-1A47227F10AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "2A820A52-9170-4E32-B224-1C9E7F48A6D2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet." }, { "lang": "es", "value": "Los usuarios administrativos de CouchDB pueden configurar el servidor de la base de datos mediante HTTP(S). Algunas de las opciones de configuraci\u00f3n incluyen rutas para operar binarios a nivel de sistema que son iniciados subsecuentemente por CouchDB. Esto permite que un usuario administrador en versiones anteriores a la 1.7.0 y versiones 2.x anteriores a la 2.1.1 de Apache CouchDB ejecuten comandos shell arbitrarios como el usuario CouchDB, incluyendo la descarga y ejecuci\u00f3n de scripts del internet p\u00fablico." } ], "id": "CVE-2017-12636", "lastModified": "2024-11-21T03:09:56.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-14T20:29:00.247", "references": [ { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "source": "security@apache.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "security@apache.org", "url": "https://www.exploit-db.com/exploits/44913/" }, { "source": "security@apache.org", "url": "https://www.exploit-db.com/exploits/45019/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44913/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/45019/" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-19 22:00
Modified
2024-11-21 01:16
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C34E385-5C4A-40B7-B885-9C4E8650951E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "851F7B38-A8DE-4C8C-B269-17341BD65FA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E309D1E-3E22-4DF0-9A5C-D40640046600", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "83D814EB-31BB-41DD-923D-E4379B3875E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "59EB2847-CACC-42A1-88FF-73E638E5F9DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "3057284C-DD40-4F03-BC6A-E41E5CF53FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B8F76AB-6794-44BE-AE6B-34B52690A2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F9A741-1257-4ED3-9A70-FE2545C40742", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Apache CouchDB 0.8.0 a 0.11.0, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones directas a una URL de instalaci\u00f3n." } ], "id": "CVE-2010-2234", "lastModified": "2024-11-21T01:16:12.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-19T22:00:01.953", "references": [ { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2010/Aug/199" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/42501" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2010/Aug/199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-20 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue.
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | https://docs.couchdb.org/en/master/cve/2020-1955.html | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchdb.org/en/master/cve/2020-1955.html | Mitigation, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CF039B4-F4AB-4A07-9BE5-5FA7C73A23B4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue." }, { "lang": "es", "value": "CouchDB versi\u00f3n 3.0.0, es enviada con una nueva configuraci\u00f3n que rige el control de acceso a todo el servidor de base de datos llamada \"require_valid_user_except_for_up\". Se supon\u00eda que una extensi\u00f3n del antiguo ajuste \"require_valid_user\", que a su vez requiere que todas y cada una de las peticiones hacia CouchDB tengan que hacerse con credenciales v\u00e1lidas, prohibiendo efectivamente cualquier petici\u00f3n an\u00f3nima. El nuevo \"require_valid_user_except_for_up\" es un ajuste desactivado por defecto que se supone que permite requerir credenciales v\u00e1lidas para todos los endpoints excepto para el endpoint \"/_up\". Sin embargo, la implementaci\u00f3n de \u00e9ste cometi\u00f3 un error que conllev\u00f3 a no aplicar las credenciales sobre ning\u00fan endpoint, cuando estaba habilitado. CouchDB versiones 3.0.1[1] y 3.1.0[2] corrige este problema." } ], "id": "CVE-2020-1955", "lastModified": "2024-11-21T05:11:43.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-20T14:15:11.550", "references": [ { "source": "security@apache.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/master/cve/2020-1955.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/master/cve/2020-1955.html" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-02 21:15
Modified
2024-11-21 07:51
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:
* validate_doc_update
* list
* filter
* filter views (using view functions as filters)
* rewrite
* update
This doesn't affect map/reduce or search (Dreyfus) index functions.
Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).
Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "78AD8F98-C0F4-423D-875B-B34A8AEB82C0", "versionEndExcluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "1969B512-C576-47F3-86A2-A916AC792508", "versionEndExcluding": "3.3.2", "versionStartIncluding": "3.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:cloudant:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA26A222-7576-432C-915E-F1FC87AE4751", "versionEndIncluding": "8349", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn\u0027t affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n" } ], "id": "CVE-2023-26268", "lastModified": "2024-11-21T07:51:00.943", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@apache.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-02T21:15:09.233", "references": [ { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html" }, { "source": "security@apache.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl" }, { "source": "security@apache.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-12 17:29
Modified
2024-11-21 02:59
Severity ?
Summary
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E | Vendor Advisory | |
security@apache.org | http://www.securityfocus.com/bid/94766 | Third Party Advisory, VDB Entry | |
security@apache.org | https://www.exploit-db.com/exploits/40865/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94766 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40865/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C28D397-7FB6-472F-A602-C2E7E4CCC7D9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1." }, { "lang": "es", "value": "El instalador de Windows que proporciona el equipo de Apache CouchDB era vulnerable a un escalado de privilegios local. Todos los archivos en el instalador heredan los permisos de archivo del directorio principal y, por lo tanto, un usuario sin privilegios puede sustituir cualquier ejecutable por el iniciador del servicio nssm.exe o los archivos de lotes o binarios de CouchDB. Un reinicio subsecuente del servicio o del servidor ejecutar\u00e1 ese binario con privilegios de administrador. Este problema afecta a CouchDB 2.0.0 (solo en plataformas Windows) y fue abordado en CouchDB 2.0.0.1." } ], "id": "CVE-2016-8742", "lastModified": "2024-11-21T02:59:58.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-12T17:29:00.277", "references": [ { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94766" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40865/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40865/" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-14 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "055B353E-396A-4925-96AC-1D2877607139", "versionEndExcluding": "3.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2" }, { "lang": "es", "value": "En Apache CouchDB, un usuario malicioso con permiso para crear documentos en una base de datos puede adjuntar un archivo adjunto HTML a un documento. Si un administrador de CouchDB abre ese adjunto en un navegador, por ejemplo, por medio de la interfaz de administraci\u00f3n de CouchDB Fauxton, cualquier c\u00f3digo JavaScript insertado en ese adjunto HTML se ejecutar\u00e1 dentro del contexto de seguridad de ese administrador. Una ruta similar est\u00e1 disponible con la funcionalidad _show y _list, ya obsoleta. Esta vulnerabilidad de escalada de privilegios permite a un atacante a\u00f1adir o eliminar datos en cualquier base de datos o realizar cambios de configuraci\u00f3n. Este problema afectaba a Apache CouchDB versiones anteriores a 3.1.2" } ], "id": "CVE-2021-38295", "lastModified": "2024-11-21T06:16:44.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-14T20:15:09.017", "references": [ { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-11 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22F0D70-503C-44FA-828F-3BB733CCDAE5", "versionEndIncluding": "1.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F20CFCE-9177-45B2-B239-78F143078B9D", "versionEndIncluding": "2.1.1", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2." }, { "lang": "es", "value": "Los usuarios administrativos de Apache CouchDB pueden configurar el servidor de la base de datos mediante HTTP(S). Debido a la validaci\u00f3n insuficiente de las opciones de configuraci\u00f3n proporcionadas por el administrador mediante la API HTTP, es posible que un usuario administrador de CouchDB escale sus privilegios a los del usuario del sistema operativo bajo el que se ejecuta CouchDB. Esto se realiza mediante la omisi\u00f3n de la lista negra de opciones de configuraci\u00f3n que no pueden ser modificadas mediante la API HTTP. Este escalado de privilegios permite que un usuario admin de CouchDB existente pueda ejecutar c\u00f3digo de forma remota mediante la omisi\u00f3n del CVE-2017-12636 ya revelado. Mitigaci\u00f3n: todos los usuarios deber\u00edan actualizar a CouchDB en versiones 1.7.2 o 2.1.2." } ], "id": "CVE-2018-8007", "lastModified": "2024-11-21T04:13:04.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-11T13:29:00.363", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" }, { "source": "security@apache.org", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104741" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "source": "security@apache.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "security@apache.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201812-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-21 21:29
Modified
2024-11-21 03:50
Severity ?
Summary
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://vectra.ai/security-advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://vectra.ai/security-advisories | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5A17CE5-9035-47C5-884E-9AFFD6F8BFBB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:vectra:cognito:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FFE082B-04C4-4DEE-9EFC-40E8F6B40747", "versionEndExcluding": "4.3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability." }, { "lang": "es", "value": "CouchDB en Cognito Brain y Cognito Sensor de Vectra Networks en versiones anteriores a la 4.3 contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo local." } ], "id": "CVE-2018-14889", "lastModified": "2024-11-21T03:50:01.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-21T21:29:00.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://vectra.ai/security-advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://vectra.ai/security-advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-02 01:00
Modified
2024-11-21 01:19
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | couchdb | 0.8.0 | |
apache | couchdb | 0.8.1 | |
apache | couchdb | 0.9.0 | |
apache | couchdb | 0.9.1 | |
apache | couchdb | 0.9.2 | |
apache | couchdb | 0.10.0 | |
apache | couchdb | 0.10.1 | |
apache | couchdb | 0.10.2 | |
apache | couchdb | 0.11.0 | |
apache | couchdb | 0.11.1 | |
apache | couchdb | 0.11.2 | |
apache | couchdb | 1.0.0 | |
apache | couchdb | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C34E385-5C4A-40B7-B885-9C4E8650951E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "851F7B38-A8DE-4C8C-B269-17341BD65FA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E309D1E-3E22-4DF0-9A5C-D40640046600", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "83D814EB-31BB-41DD-923D-E4379B3875E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "59EB2847-CACC-42A1-88FF-73E638E5F9DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "3057284C-DD40-4F03-BC6A-E41E5CF53FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B8F76AB-6794-44BE-AE6B-34B52690A2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "CAFF4452-E786-4D48-ABCD-DBD18E9B9C47", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F9A741-1257-4ED3-9A70-FE2545C40742", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "B53CB851-F1AF-4292-AF3D-9191B71F3BC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "CAF2BB9E-B94C-466D-BA5A-CA9CAD372012", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6572D2CB-472B-4CF0-B802-F52C12BA88BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3142CB-1AF1-456D-AF66-3701FECBD490", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administraci\u00f3n web (tambi\u00e9n conocido como Futon) en Apache CouchDB v0.8.0 hasta v1.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2010-3854", "lastModified": "2024-11-21T01:19:45.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-02T01:00:02.390", "references": [ { "source": "secalert@redhat.com", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/70734" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43111" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/516058/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46066" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025013" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0263" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/516058/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65050" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-13 08:15
Modified
2024-11-21 08:27
Severity ?
Summary
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | https://docs.couchdb.org/en/stable/cve/2023-45725.html | Patch, Vendor Advisory | |
security@apache.org | https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchdb.org/en/stable/cve/2023-45725.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | Mailing List, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "22748077-2553-46DD-A3C6-F4C1775C275E", "versionEndIncluding": "3.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\n\nThese design document functions are:\n * \u00a0 list\n * \u00a0 show\n * \u00a0 rewrite\n * \u00a0 update\n\nAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\n\nFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object\u0027s headers\n" }, { "lang": "es", "value": "Las funciones de dise\u00f1o de documentos que reciben un objeto de solicitud http de usuario pueden exponer los encabezados de cookies de sesi\u00f3n o de autorizaci\u00f3n del usuario que accede al documento. Estas funciones del documento de dise\u00f1o son: * lista * mostrar * reescribir * actualizar. Un atacante puede filtrar el componente de la sesi\u00f3n utilizando una salida similar a HTML, insertar la sesi\u00f3n como un recurso externo (como una imagen) o almacenar la credencial en un documento local con una funci\u00f3n de \"actualizaci\u00f3n\". Para que el ataque tenga \u00e9xito, el atacante debe poder insertar los documentos de dise\u00f1o en la base de datos y luego manipular a un usuario para que acceda a una funci\u00f3n desde ese documento de dise\u00f1o. Workaround: evite el uso de documentos de dise\u00f1o de fuentes no confiables que puedan intentar acceder o manipular los encabezados de los objetos de solicitud." } ], "id": "CVE-2023-45725", "lastModified": "2024-11-21T08:27:16.050", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-13T08:15:50.190", "references": [ { "source": "security@apache.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-14 19:00
Modified
2024-11-21 01:17
Severity ?
Summary
Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C34E385-5C4A-40B7-B885-9C4E8650951E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory." }, { "lang": "es", "value": "Vulnerabilidad ruta de b\u00fasqueda no confiable en un cierto parche de Debian GNU/Linux para el script couchdb en CouchDB 0.8.0 permite a usuarios locales escalar privilegios mediante una librer\u00eda compartida manipulada en el directorio de trabajo actual." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027", "id": "CVE-2010-2953", "lastModified": "2024-11-21T01:17:43.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-09-14T19:00:01.593", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41383" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2107" }, { "source": "secalert@redhat.com", "url": "http://www.nth-dimension.org.uk/blog.php?id=87" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/7" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/26/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/26/5" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/29/4" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/42758" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nth-dimension.org.uk/blog.php?id=87" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/26/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/26/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/29/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2341" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-18 17:02
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B47DCC-A6D4-452D-914D-2C3261022ECF", "versionEndIncluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6572D2CB-472B-4CF0-B802-F52C12BA88BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3142CB-1AF1-456D-AF66-3701FECBD490", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00AEAD55-82F4-4B18-A7DA-56B0D3EFAF3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3513A36D-5D92-4CDC-AA96-F3E2A390B493", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B49729E5-5B82-47AB-A9A6-5ED7C725591C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4C2436A-0E85-44F8-9691-B193D8E3B8A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la UI de Futon en Apache CouchDB anteriores a versi\u00f3n 1.0.4, versiones 1.1.x anteriores a 1.1.2 y versiones 1.2.x anteriores a 1.2.1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de par\u00e1metros no especificados para el conjunto de pruebas basadas en el navegador." } ], "id": "CVE-2012-5650", "lastModified": "2024-11-21T01:45:02.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-18T17:02:49.873", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" }, { "source": "secalert@redhat.com", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-26 10:15
Modified
2025-01-29 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
References
{ "cisaActionDue": "2022-09-15", "cisaExploitAdd": "2022-08-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache CouchDB Insecure Default Initialization of Resource Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C49414F4-5081-4B1E-BBAC-929CE3A75A72", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations." }, { "lang": "es", "value": "En Apache CouchDB versiones anteriores a 3.2.2, un atacante puede acceder a una instalaci\u00f3n por defecto asegurada inapropiadamente sin autenticarse y alcanzar privilegios de administrador. La documentaci\u00f3n de CouchDB siempre ha hecho recomendaciones para asegurar apropiadamente una instalaci\u00f3n, incluyendo la recomendaci\u00f3n de usar un firewall delante de todas las instalaciones de CouchDB" } ], "id": "CVE-2022-24706", "lastModified": "2025-01-29T17:15:17.557", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2022-04-26T10:15:35.083", "references": [ { "source": "security@apache.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html" }, { "source": "security@apache.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/04/26/1" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/1" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/2" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/3" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/4" }, { "source": "security@apache.org", "tags": [ "Broken Link", "Product" ], "url": "https://docs.couchdb.org/en/3.2.2/setup/cluster.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00" }, { "source": "security@apache.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/04/26/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/09/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Product" ], "url": "https://docs.couchdb.org/en/3.2.2/setup/cluster.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1188" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-1188" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-02 14:29
Modified
2024-11-21 03:54
Severity ?
Summary
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB74D165-EAB4-486E-9E0B-9DE1333B4EC9", "versionEndExcluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities." }, { "lang": "es", "value": "Antes de la versi\u00f3n 2.3.0 de CouchDB, este \u00faltimo permit\u00eda la configuraci\u00f3n en tiempo de ejecuci\u00f3n de los componentes clave de la base de datos. En algunos casos, esto conduc\u00eda a vulnerabilidades en las que los usuarios de CouchDB pod\u00edan acceder al sistema operativo subyacente como el usuario de CouchDB. Junto a otras vulnerabilidades, permit\u00eda a los usuarios efectuar una entrada completa en el sistema. En vez de esperar a que se descubriesen nuevas vulnerabilidades y que se solucionasen en cuanto apareciesen, el equipo de desarrollo de CouchDB decidi\u00f3 efectuar cambios para evitar esta clase entera de vulnerabilidades." } ], "id": "CVE-2018-17188", "lastModified": "2024-11-21T03:54:03.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-02T14:29:00.267", "references": [ { "source": "security@apache.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://blog.couchdb.org/2018/12/17/cve-2018-17188/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "source": "security@apache.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://blog.couchdb.org/2018/12/17/cve-2018-17188/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-23 14:55
Modified
2024-11-21 01:45
Severity ?
Summary
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B47DCC-A6D4-452D-914D-2C3261022ECF", "versionEndIncluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6572D2CB-472B-4CF0-B802-F52C12BA88BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3142CB-1AF1-456D-AF66-3701FECBD490", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00AEAD55-82F4-4B18-A7DA-56B0D3EFAF3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3513A36D-5D92-4CDC-AA96-F3E2A390B493", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B49729E5-5B82-47AB-A9A6-5ED7C725591C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:couchdb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4C2436A-0E85-44F8-9691-B193D8E3B8A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash." }, { "lang": "es", "value": "Apache CouchDB anterior a 1.0.4, 1.1.x anterior a 1.1.2 y 1.2.x anterior a 1.2.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una devoluci\u00f3n de llamada JSONP, relacionado con Adobe Flash." } ], "id": "CVE-2012-5649", "lastModified": "2024-11-21T01:45:02.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-23T14:55:07.273", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51765" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:067" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57314" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }