What is the severity of CVE-2023-26268?

The severity of CVE-2023-26268 is medium, with a CVSS score of 5.3.

Which software is affected by CVE-2023-26268?

CVE-2023-26268 affects Apache CouchDB versions up to 3.2.3, Apache CouchDB versions between 3.3.0 and 3.3.2, and IBM Cloudant with a version up to 8349.

What can happen if CVE-2023-26268 is exploited?

If CVE-2023-26268 is exploited, design documents with matching IDs can share a mutable Javascript environment, potentially leading to unauthorized access or data manipulation.

How can I mitigate CVE-2023-26268?

To mitigate CVE-2023-26268, update Apache CouchDB to version 3.3.3 or later, or update IBM Cloudant to a version higher than 8349.

Vulnerability/
CVE-2023-26268

medium

5.3

CWE

200

2/5/2023

10/5/2023

CVE-2023-26268: Infoleak

Q: What is CVE-2023-26268?

CVE-2023-26268 is a vulnerability that affects Apache CouchDB and IBM Cloudant. Design documents with matching document IDs from databases on the same cluster may share a mutable Javascript environment when using certain design document functions.

First published: Tue May 02 2023(Updated: )

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache CouchDB	<3.2.3
Apache CouchDB	>=3.3.0<3.3.2
Ibm Cloudant	<=8349

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-26268?
CVE-2023-26268 is a vulnerability that affects Apache CouchDB and IBM Cloudant. Design documents with matching document IDs from databases on the same cluster may share a mutable Javascript environment when using certain design document functions.
What is the severity of CVE-2023-26268?
The severity of CVE-2023-26268 is medium, with a CVSS score of 5.3.
Which software is affected by CVE-2023-26268?
CVE-2023-26268 affects Apache CouchDB versions up to 3.2.3, Apache CouchDB versions between 3.3.0 and 3.3.2, and IBM Cloudant with a version up to 8349.
What can happen if CVE-2023-26268 is exploited?
If CVE-2023-26268 is exploited, design documents with matching IDs can share a mutable Javascript environment, potentially leading to unauthorized access or data manipulation.
How can I mitigate CVE-2023-26268?
To mitigate CVE-2023-26268, update Apache CouchDB to version 3.3.3 or later, or update IBM Cloudant to a version higher than 8349.

collector/nvd-latest
collector/nvd-index
agent/type
agent/event
agent/severity
agent/weakness
agent/references
agent/author
agent/tags
agent/description
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
vendor/apache
canonical/apache couchdb
version/apache couchdb/3.3.0
vendor/ibm
canonical/ibm cloudant
version/ibm cloudant/8349

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.