What is the severity of CVE-2023-45725?

CVE-2023-45725 is considered a critical vulnerability due to the potential for local attackers to gain elevated privileges.

How do I fix CVE-2023-45725?

To fix CVE-2023-45725, users should upgrade Apache CouchDB to version 3.3.3 or later.

Who is affected by CVE-2023-45725?

CVE-2023-45725 affects Apache CouchDB versions up to and including 3.3.2 and IBM Planning Analytics Local versions 2.1 and 2.0.

Can CVE-2023-45725 be exploited remotely?

No, CVE-2023-45725 requires local access to the system to exploit the vulnerability.

What impact does CVE-2023-45725 have on affected systems?

CVE-2023-45725 allows an attacker to gain elevated privileges, which could lead to unauthorized access to sensitive data or system controls.

Vulnerability/
CVE-2023-45725

medium

6.7

CWE

200

12/12/2023

13/12/2023

30/5/2024

CVE-2023-45725: Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

First published: Tue Dec 12 2023(Updated: )

Apache CouchDB could allow a local attacker to gain elevated privileges on the system, caused by a flaw when using design document functions. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to gain elevated privileges to insert the design documents into the database, then manipulate a user to access a function from that design document.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache CouchDB	<=3.3.2
IBM Planning Analytics Workspace	<=2.1
IBM Planning Analytics Workspace	<=2.0

Remedy

https://docs.couchdb.org/en/stable/cve/2023-45725.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7151122

Frequently Asked Questions

What is the severity of CVE-2023-45725?
CVE-2023-45725 is considered a critical vulnerability due to the potential for local attackers to gain elevated privileges.
How do I fix CVE-2023-45725?
To fix CVE-2023-45725, users should upgrade Apache CouchDB to version 3.3.3 or later.
Who is affected by CVE-2023-45725?
CVE-2023-45725 affects Apache CouchDB versions up to and including 3.3.2 and IBM Planning Analytics Local versions 2.1 and 2.0.
Can CVE-2023-45725 be exploited remotely?
No, CVE-2023-45725 requires local access to the system to exploit the vulnerability.
What impact does CVE-2023-45725 have on affected systems?
CVE-2023-45725 allows an attacker to gain elevated privileges, which could lead to unauthorized access to sensitive data or system controls.

collector/oss-sec
alias/CVE-2023-45725
collector/mitre-cve
agent/event
agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/author
agent/references
agent/remedy
agent/weakness
agent/title
agent/description
agent/softwarecombine
agent/trending
agent/source
collector/nvd-api
agent/software-canonical-lookup-request
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/apache
canonical/apache couchdb
version/apache couchdb/3.3.2
vendor/ibm
canonical/ibm planning analytics workspace
version/ibm planning analytics workspace/2.1
version/ibm planning analytics workspace/2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.