Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role, th...
EUVD-2012-5534
Malware in sbrugna...
EUVD-2010-2247
Malware in sbrugna...
EUVD-2012-5533
Malware in sbrugna...
EUVD-2016-9576
Malware in sbrugna...
EUVD-2012-5525
Malware in sbrugna...
EUVD-2010-0041
Malware in sbrugna...
EUVD-2010-3833
Malware in sbrugna...
EUVD-2021-24752
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-38295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin open...
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
BIT-COUCHDB-2022-24706 Remote Code Execution Vulnerability in Packaging
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
BIT-COUCHDB-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...
Apache CouchDB < 3.3.3 Privilege Escalation
According to its banner, the version of CouchDB running on the remote host is prior to 3.3.3. It is, therefore, affected by a privilege escalation vulnerability: - Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who...
CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an HTML-like output,...
Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Windows
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:couchdb";...
Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Linux
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:couchdb";...
PT-2023-29658 · IBM +1 · IBM Cloudant +1
Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.3.3; IBM Cloudant versions prior to 8413. Description: Design document functions that receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268]
Summary: Apache CouchDB is used by IBM App Connect Enterprise Certified Container for storing flows and data used by the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch...