Bitnami package
couchdb
pkg:bitnami/couchdb
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45725 | — | | | < 3.3.3 | 3.3.3 | Dec 13, 2023 | Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * rewrite * update An attacker can leak the sessio |
| CVE-2023-26268 | — | | | < 3.2.3 | 3.2.3 | May 2, 2023 | Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewr |
| CVE-2022-24706 | — | | KEV | < 3.2.2 | 3.2.2 | Apr 26, 2022 | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a fi |
| CVE-2021-38295 | — | | | < 3.1.2 | 3.1.2 | Oct 14, 2021 | In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML |
| CVE-2020-1955 | — | | | >= 3.0.0, < 3.0.1 | 3.0.1 | May 20, 2020 | CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and |