Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents
Description
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are: * list * show * rewrite * update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Apache Software Foundation/Apache CouchDBv5Range: 0
- Apache Software Foundation/IBM Cloudantv5Range: 0
Patches
Vulnerability mechanics
References
2- lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrgmitrevendor-advisory
- docs.couchdb.org/en/stable/cve/2023-45725.htmlmitrerelease-notes
News mentions
0No linked articles in our index yet.