8 matches found
Timing Attack
Overview: @perfood/couch-auth is an easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in TypeScript. Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the authentication process. An attacker can obtain...
CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents
Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an HTML-like output,...
Apache CouchDB Information Disclosure Vulnerability
Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An information disclosure vulnerability exists in Apache CouchDB 3.3.2 and earlier, and IBM Cloudant 8413 and earlier, which stems from a Design document function that receives the object of a...
PT-2023-29658 · IBM +1 · IBM Cloudant +1
Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.3.3; IBM Cloudant versions prior to 8413. Description: Design document functions that receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document...
CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...
Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations
Summary: Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it...
Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability
Summary: IBM Data Science Experience Local has addressed the following vulnerability. Password for Data Science Experience Local Hadoop Integration Knox Gateway was hard-coded. Password for Data Science Experience Local Keystore and Truststore was hard-coded. Credentials for Data Science Experienc...