Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2

Published

2021-10-14T20:15:09.017

Last Modified

2024-11-21T06:16:44.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	couchdb	< 3.1.2	Yes

References

https://docs.couchdb.org/en/stable/cve/2021-38295.html Vendor Advisory ([email protected])
https://docs.couchdb.org/en/stable/cve/2021-38295.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)