QID 731156
Date Published: 2024-02-19
QID 731156: Apache CouchDB Privilege Escalation Vulnerability
Apache CouchDB is a free open-source document-oriented database written in the Erlang programming language.
A malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.
Affected Versions:
Apache CouchDB prior to version 3.1.2
QID Detection Logic (Remote)
The check identifies vulnerable Apache CouchDB installations by sending a GET request to the target and matching the version string reported in the response against the affected version range.
Successful exploitation of this vulnerability allows an attacker to add or remove data in any database or make configuration changes.
CouchDB 3.2.0 and onwards adds Content-Security-Policy headers for all attachment, _show and _list requests. This breaks certain niche use-cases and there are configuration options to restore the previous behaviour for those who need it. CouchDB 3.1.2 defaults to the previous behaviour, but adds configuration options to turn Content-Security-Policy headers on for all affected requests.
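The following is an added example, not Qualys's detection code or anything from the CouchDB project: it mirrors the two checks a defender would run offline against captured responses, comparing the version CouchDB reports on its root endpoint (GET /) against 3.1.2, and confirming that an attachment, _show or _list response carries the Content-Security-Policy header that 3.2.0+ sends by default. The sample bodies and headers are constructed, and the CSP value shown in them is an assumption.

```python
"""Offline checks for QID 731156 / CVE-2021-38295 (added example)."""
import json
import re

# 3.1.2 is the first release with the CSP configuration options.
FIXED_VERSION = (3, 1, 2)


def parse_version(version: str) -> tuple:
    """Turn '3.1.1' or '3.2.0-RC1' into a tuple of ints so that
    3.10.0 compares greater than 3.1.2 (a plain string compare would not)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised CouchDB version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_is_vulnerable(root_response_body: str) -> bool:
    """root_response_body is the JSON body CouchDB returns for GET /."""
    data = json.loads(root_response_body)
    return parse_version(data["version"]) < FIXED_VERSION


def csp_missing(response_headers: dict) -> bool:
    """True when an attachment/_show/_list response has no CSP header.
    Header names are compared case-insensitively, as HTTP requires."""
    return not any(k.lower() == "content-security-policy" for k in response_headers)


# Constructed sample responses, not captured from a real server.
SAMPLE_ROOT_OLD = '{"couchdb":"Welcome","version":"3.1.1"}'
SAMPLE_ROOT_NEW = '{"couchdb":"Welcome","version":"3.2.0"}'
SAMPLE_ATTACHMENT_HEADERS_OLD = {"Content-Type": "text/html",
                                 "Server": "CouchDB/3.1.1 (Erlang OTP/20)"}
SAMPLE_ATTACHMENT_HEADERS_NEW = {"Content-Type": "text/html",
                                 "Content-Security-Policy": "sandbox",  # assumed value
                                 "Server": "CouchDB/3.2.0 (Erlang OTP/23)"}

if __name__ == "__main__":
    for body, hdrs in ((SAMPLE_ROOT_OLD, SAMPLE_ATTACHMENT_HEADERS_OLD),
                       (SAMPLE_ROOT_NEW, SAMPLE_ATTACHMENT_HEADERS_NEW)):
        print(json.loads(body)["version"],
              "vulnerable by version:", version_is_vulnerable(body),
              "| CSP header missing on attachment:", csp_missing(hdrs))
```

On a patched 3.1.2 node the version check passes but the CSP check still fails unless the new configuration options have been turned on, which is why both checks are worth running.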
- Apache CouchDB Privilege Escalation -
docs.couchdb.org/en/stable/cve/2021-38295.html
CVEs related to QID 731156
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CVE-2021-38295 | Apache CouchDB | | docs.couchdb.org/en/stable/cve/2021-38295.html |