5 matches found
BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
Apache CouchDB < 3.1.2 Privilege Escalation
According to its banner, the version of CouchDB running on the remote host is prior 3.1,2. It is, therefore, affected by a privilege escalation vulnerability. A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin...
UBUNTU-CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
couchdb -- user privilege escalation
Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will ...