5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
23.8%
Design documents with matching document IDs, from databases on the same
cluster, may share a mutable Javascript environment when using these design
document functions: * validate_doc_update * list * filter * filter views
(using view functions as filters) * rewrite * update This doesn’t affect
map/reduce or search (Dreyfus) index functions. Users are recommended to
upgrade to a version that is no longer affected by this issue (Apache
CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from
untrusted sources which may attempt to cache or store data in the
Javascript environment.
docs.couchdb.org/en/stable/cve/2023-26268.html
launchpad.net/bugs/cve/CVE-2023-26268
lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl
lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp
nvd.nist.gov/vuln/detail/CVE-2023-26268
security-tracker.debian.org/tracker/CVE-2023-26268
www.cve.org/CVERecord?id=CVE-2023-26268