PT-2023-20577 · Apache · Apache Couchdb
Nick Vatamaniuc
·
Publicado
2023-05-02
·
Atualizado
2024-03-06
·
CVE-2023-26268
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache CouchDB versions prior to 3.2.3
Apache CouchDB versions prior to 3.3.2
Description
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:
- validate doc update
- list
- filter
- filter views (using view functions as filters)
- rewrite
- update This doesn't affect map/reduce or search (Dreyfus) index functions.
Recommendations
For versions prior to 3.2.3, upgrade to Apache CouchDB 3.2.3 or later.
For versions prior to 3.3.2, upgrade to Apache CouchDB 3.3.2 or later.
As a temporary workaround, consider avoiding the use of design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Couchdb