En

Apache CouchDB官网安全更新(2021-10-12)

来源:Apache CouchDB官网 发布日期:2021-10-12 阅读次数:11180 评论:0

基本信息

发布日期:2021-10-12(官方当地时间)

更新类型:安全更新

更新版本:未知

感知时间:2021-10-12 16:47:24

风险等级:低危

情报贡献:TSRC

更新标题

2.14. CVE-2021-38295: Apache CouchDB Privilege Escalation

更新详情


2.14. CVE-2021-38295: Apache CouchDB Privilege Escalation




Date:12.10.2021

Affected:3.1.1 and below

Severity:Low

Vendor:The Apache Software Foundation




2.14.1. Description
A malicious user with permission to create documents in a database is able
to attach a HTML attachment to a document. If a CouchDB admin opens that
attachment in a browser, e.g. via the CouchDB admin interface Fauxton,
any JavaScript code embedded in that HTML attachment will be executed within
the security context of that admin. A similar route is available with the
already deprecated _show and _list functionality.
This privilege escalation vulnerability allows an attacker to add or remove
data in any database or make configuration changes.


2.14.2. Mitigation
CouchDB 3.2.0 and onwards adds Content-Security-Policy
headers for all attachment, _show and _list requests. This breaks certain
niche use-cases and there are configuration options to restore the previous
behaviour for those who need it.
CouchDB 3.1.2 defaults to the previous behaviour, but
adds configuration options to turn Content-Security-Policy headers on for
all affected requests.


2.14.3. Credit
This issue was identified by Cory Sabol of Secure Ideas.

软件描述

CouchDB 是一个开源的面向文档的数据库管理系统,可以通过 RESTful JavaScript Object Notation (JSON) API 访问

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入