BIT-couchdb-2023-45725
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/couchdb/BIT-couchdb-2023-45725.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-couchdb-2023-45725
- Aliases
- Published
- 2024-03-06T10:51:03.389Z
- Modified
- 2025-01-17T15:26:01.971Z
- Summary
- [none]
- Details
-
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.These design document functions are: * list * show * rewrite * updateAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
- Database specific
{ "cpes": [ "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / couchdb
Package
- Name
- couchdb
- Purl
- pkg:bitnami/couchdb
Severity
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator