rpm package
suse/couchdb&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/couchdb&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-8007 | Hig | 7.2 | < 1.7.2-2.8.2 | 1.7.2-2.8.2 | Jul 11, 2018 | Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operati | |
| CVE-2017-12636 | Hig | 7.2 | < 1.7.2-2.8.2 | 1.7.2-2.8.2 | Nov 14, 2017 | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 |
- affected < 1.7.2-2.8.2fixed 1.7.2-2.8.2
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operati
- affected < 1.7.2-2.8.2fixed 1.7.2-2.8.2
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1