Lucene search
PRIOn knowledge basePRION:CVE-2023-45725HistoryDec 13, 2023 - 8:15 a.m.
Design/Logic Flaw
2023-12-1308:15:00
PRIOn knowledge base
www.prio-n.com
2
design/logic flaw
user request
exposed headers
mitigation
untrusted sources
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
- list
- show
- rewrite
- update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an “update” function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object’s headers
Related
ubuntucve
ubuntucve
CVE-2023-45725
2023-12-13 00:00:00
nessus
nessus
Apache CouchDB < 3.3.3 Privilege Escalation
2023-12-14 00:00:00
openvas
openvas
Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Linux
2023-12-13 00:00:00
Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Windows
2023-12-13 00:00:00
cvelist
cvelist
osv
osv
BIT-couchdb-2023-45725
2024-03-06 10:51:03
CVE-2023-45725
2023-12-13 08:15:50
cve
cve
CVE-2023-45725
2023-12-13 08:15:50
nvd
nvd
CVE-2023-45725
2023-12-13 08:15:50
