Lucene search
K

5 matches found

OSV
OSV
added 2024/03/06 10:51 a.m.22 views

BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS7.2AI score0.02474EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.30 views

Apache CouchDB < 3.1.2 Privilege Escalation

According to its banner, the version of CouchDB running on the remote host is prior 3.1,2. It is, therefore, affected by a privilege escalation vulnerability. A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin...

7.3CVSS6.1AI score0.02474EPSS
Exploits1References2
OSV
OSV
added 2021/10/14 8:15 p.m.4 views

UBUNTU-CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS5.8AI score0.02474EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/10/14 7:55 p.m.32 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.5AI score0.02474EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/08/09 12:0 a.m.19 views

couchdb -- user privilege escalation

Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will ...

6.8CVSS1AI score0.01226EPSS
Exploits0References1
Rows per page
Query Builder