VYPR
High severity7.8NVD Advisory· Published Feb 12, 2018· Updated Jun 17, 2026

CVE-2016-8742

CVE-2016-8742

Description

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Apache/Couchdbllm-fuzzy
    Range: 2.0.0
  • Apache Software Foundation/Apache CouchDBv5
    Range: 2.0.0 (Windows platform only)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.