FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

couchdb -- user privilege escalation

Affected packages
couchdb < 3.1.2,2

Details

VuXML ID a7dd4c2d-77e4-46de-81a2-c453c317f9de
Discovery 2021-08-09
Entry 2021-10-12

Cory Sabol reports:

A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.

References

CVE Name CVE-2021-39205
URL https://docs.couchdb.org/en/stable/cve/2021-38295.html