8 matches found

Snyk
added 2026/03/05 9:30 p.m. · 4 views

Timing Attack

Overview: @perfood/couch-auth is an easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in TypeScript. Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the authentication process. An attacker can obtain...

7.5 CVSS · 5.8 AI score · 0.00379 EPSS
Exploits: 0 · References: 2
Cvelist
added 2023/12/13 8:2 a.m. · 18 views

CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an HTML-like output,...

5.6 AI score · 0.01232 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/12/13 12:0 a.m. · 4 views

Apache CouchDB Information Disclosure Vulnerability

Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An information disclosure vulnerability exists in Apache CouchDB 3.3.2 and earlier, and IBM Cloudant 8413 and earlier, which stems from a Design document function that receives the object of a...

5.7 CVSS · 8.8 AI score · 0.01232 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/12/05 12:0 a.m. · 4 views

PT-2023-29658 · Ibm +1 · Ibm Cloudant +1

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.3.3; IBM Cloudant versions prior to 8413. Description: Design document functions that receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document...

5.7 CVSS · 4.6 AI score · 0.01232 EPSS
Exploits: 0 · References: 14
Vulnrichment
added 2023/05/02 8:6 p.m. · 16 views

CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes

Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...

4.4 CVSS · 7 AI score · 0.01429 EPSS
Exploits: 0 · References: 3
Cvelist
added 2023/05/02 8:6 p.m. · 17 views

CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes

Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...

4.4 CVSS · 5.4 AI score · 0.01429 EPSS
Exploits: 0 · References: 3
IBM Security Bulletins
added 2019/03/14 6:10 p.m. · 23 views

Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations

Summary: Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it...

7.2 CVSS · 0.7 AI score · 0.03228 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2018/08/29 9:19 p.m. · 6 views

Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability

Summary: IBM Data Science Experience Local has addressed the following vulnerability. Password for Data Science Experience Local Hadoop Integration Knox Gateway was hard-coded. Password for Data Science Experience Local Keystore and Truststore was hard-coded. Credentials for Data Science Experienc...

1 AI score
Exploits: 0 · Affected Software: 1