ID CVE-2018-11769
Summary CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
NASL family Databases
NASL id COUCHDB_2_2_0.NASL
description According to its banner, the version of CouchDB running on the remote host is 1.x or 2.1.x prior to 2.1.2. It is, therefore, potentially affected by a privilege escalation which could allow a CouchDB administrative user to gain remote code execution on the underlying operating system. Note that Nessus did not actually test for these flaws but instead, has relied on the version in CouchDB's banner.
last seen 2018-08-18
modified 2018-08-17
plugin id 111967
published 2018-08-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=111967
title Apache CouchDB 1.x / 2.1.x <= 2.1.2 Privilege Escalation
refmap via4
bid 105046
misc https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E
Last major update 08-08-2018 - 11:29
Published 08-08-2018 - 11:29
Last modified 10-08-2018 - 21:29
Back to Top