Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
References
Link | Resource |
---|---|
https://docs.couchdb.org/en/stable/cve/2023-45725.html | Patch Vendor Advisory |
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | Mailing List Vendor Advisory |
https://docs.couchdb.org/en/stable/cve/2023-45725.html | Patch Vendor Advisory |
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | Mailing List Vendor Advisory |
Configurations
History
21 Nov 2024, 08:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.couchdb.org/en/stable/cve/2023-45725.html - Patch, Vendor Advisory | |
References | () https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg - Mailing List, Vendor Advisory |
20 Dec 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:* | |
References | () https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg - Mailing List, Vendor Advisory | |
References | () https://docs.couchdb.org/en/stable/cve/2023-45725.html - Patch, Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
13 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-13 08:15
Updated : 2024-11-21 08:27
NVD link : CVE-2023-45725
Mitre link : CVE-2023-45725
CVE.ORG link : CVE-2023-45725
JSON object : View
Products Affected
apache
- couchdb
CWE