cnvd - cnvd-2018-20566

cnvd-2018-20566

Vulnerability from cnvd

Title: Apache CouchDB任意代码执行漏洞

Description:

CouchDB是用Erlang开发的一套面向文档的数据库系统。

CouchDB中存在安全漏洞，该漏洞源于程序未能充分验证管理员通过HTTP API提交的配置设置。攻击者可利用该漏洞绕过白名单，提升权限至操作系统用户权限，执行任意代码。

Severity: 高

Patch Name: Apache CouchDB任意代码执行漏洞的补丁

Patch Description:

CouchDB是用Erlang开发的一套面向文档的数据库系统。

CouchDB中存在安全漏洞，该漏洞源于程序未能充分验证管理员通过HTTP API提交的配置设置。攻击者可利用该漏洞绕过白名单，提升权限至操作系统用户权限，执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://blog.couchdb.org/2018/07/10/cve-2018-8007/

Reference: http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan@RITA%3e http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E https://blog.couchdb.org/2018/07/10/cve-2018-8007/

Impacted products

Name
['Apache CouchDB <1.7.2', 'Apache CouchDB <2.1.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8007"
    }
  },
  "description": "CouchDB\u662f\u7528Erlang\u5f00\u53d1\u7684\u4e00\u5957\u9762\u5411\u6587\u6863\u7684\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nCouchDB\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7ba1\u7406\u5458\u901a\u8fc7HTTP API\u63d0\u4ea4\u7684\u914d\u7f6e\u8bbe\u7f6e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u767d\u540d\u5355\uff0c\u63d0\u5347\u6743\u9650\u81f3\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u6743\u9650\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Francesco Oddo of MDSec Labs",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://blog.couchdb.org/2018/07/10/cve-2018-8007/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20566",
  "openTime": "2018-10-11",
  "patchDescription": "CouchDB\u662f\u7528Erlang\u5f00\u53d1\u7684\u4e00\u5957\u9762\u5411\u6587\u6863\u7684\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nCouchDB\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7ba1\u7406\u5458\u901a\u8fc7HTTP API\u63d0\u4ea4\u7684\u914d\u7f6e\u8bbe\u7f6e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u767d\u540d\u5355\uff0c\u63d0\u5347\u6743\u9650\u81f3\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u6743\u9650\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache CouchDB\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache CouchDB \u003c1.7.2",
      "Apache CouchDB \u003c2.1.2"
    ]
  },
  "referenceLink": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan@RITA%3e\r\nhttp://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E\r\nhttps://blog.couchdb.org/2018/07/10/cve-2018-8007/",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-13",
  "title": "Apache CouchDB\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-8007 (GCVE-0-2018-8007)

Vulnerability from cvelistv5

Published

2018-07-11 13:00

Modified

2024-09-16 17:04

Severity ?

CWE

Administrative Privilege Escalation

Summary

Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.

References

▼	URL	Tags
	http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201812-06	vendor-advisory, x_refsource_GENTOO
	http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/104741	vdb-entry, x_refsource_BID
	https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/	x_refsource_MISC
	https://blog.couchdb.org/2018/07/10/cve-2018-8007/	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CouchDB	Version: < 1.7.2 Version: 2.0.0 to 2.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:11.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e"
          },
          {
            "name": "GLSA-201812-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-06"
          },
          {
            "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E"
          },
          {
            "name": "104741",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104741"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
          },
          {
            "name": "FEDORA-2020-83f513fd7e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/"
          },
          {
            "name": "FEDORA-2020-73bd8167a0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CouchDB",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.7.2"
            },
            {
              "status": "affected",
              "version": "2.0.0 to 2.1.1"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Administrative Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T23:06:06",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e"
        },
        {
          "name": "GLSA-201812-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-06"
        },
        {
          "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E"
        },
        {
          "name": "104741",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104741"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
        },
        {
          "name": "FEDORA-2020-83f513fd7e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/"
        },
        {
          "name": "FEDORA-2020-73bd8167a0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-07-10T00:00:00",
          "ID": "CVE-2018-8007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CouchDB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.7.2"
                          },
                          {
                            "version_value": "2.0.0 to 2.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Administrative Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan@RITA%3e"
            },
            {
              "name": "GLSA-201812-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-06"
            },
            {
              "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E"
            },
            {
              "name": "104741",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104741"
            },
            {
              "name": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/"
            },
            {
              "name": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/",
              "refsource": "CONFIRM",
              "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
            },
            {
              "name": "FEDORA-2020-83f513fd7e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/"
            },
            {
              "name": "FEDORA-2020-73bd8167a0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8007",
    "datePublished": "2018-07-11T13:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-16T17:04:00.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted