12/12/2023
13/12/2023
20/12/2023
CVE-2023-45725: Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents
First published: Tue Dec 12 2023(Updated: )
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|
Apache CouchDB | <=3.3.2 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/oss-sec
- alias/CVE-2023-45725
- collector/mitre-cve
- collector/nvd-api
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/apache
- canonical/apache couchdb
- version/apache couchdb/3.3.2
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203