Vulnerability-Lookup

CVE-2021-38295 (GCVE-0-2021-38295)

Vulnerability from cvelistv5 – Published: 2021-10-14 19:55 – Updated: 2024-08-04 01:37

Title

Privilege escalation vulnerability when using HTML attachments

Summary

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

apache

References

URL

Tags

https://docs.couchdb.org/en/stable/cve/2021-38295.html

x_refsource_MISC

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache CouchDB

Affected: Apache CouchDB , < 3.1.2 (custom)

Apache Software Foundation

IBM Cloudant

Affected: IBM Cloudant , < 8201 (custom)

Credits

This issue was identified by Cory Sabol of Secure Ideas.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CouchDB",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "Apache CouchDB",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IBM Cloudant",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "8201",
              "status": "affected",
              "version": "IBM Cloudant",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was identified by Cory Sabol of Secure Ideas."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-14T19:55:12.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Privilege escalation vulnerability when using HTML attachments",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-38295",
          "STATE": "PUBLIC",
          "TITLE": "Privilege escalation vulnerability when using HTML attachments"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CouchDB",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache CouchDB",
                            "version_value": "3.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IBM Cloudant",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "IBM Cloudant",
                            "version_value": "8201"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was identified by Cory Sabol of Secure Ideas."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.couchdb.org/en/stable/cve/2021-38295.html",
              "refsource": "MISC",
              "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-38295",
    "datePublished": "2021-10-14T19:55:12.000Z",
    "dateReserved": "2021-08-09T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:37:16.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-GR7P-9MX8-WR74

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-08 15:31

Details

Severity ?

7.3 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-38295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2",
  "id": "GHSA-gr7p-9mx8-wr74",
  "modified": "2023-08-08T15:31:23Z",
  "published": "2022-05-24T19:17:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38295"
    },
    {
      "type": "WEB",
      "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

bit-couchdb-2021-38295

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:51

Modified

2025-05-20 10:02

Summary

Privilege escalation vulnerability when using HTML attachments

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "couchdb",
        "purl": "pkg:bitnami/couchdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-38295"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2",
  "id": "BIT-couchdb-2021-38295",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:51:34.463Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38295"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Privilege escalation vulnerability when using HTML attachments"
}

CNVD-2021-103658

Vulnerability from cnvd - Published: 2021-12-31

Title

Apache CouchDB权限许可和访问控制问题漏洞

Description

Apache CouchDB是美国阿帕奇（Apache）基金会的使用Erlang开发的一套面向文档的数据库系统。 Apache CouchDB存在权限许可和访问控制问题漏洞，该漏洞源于应用程序未能适当地施加安全限制，具有在数据库中创建文档权限的远程身份验证用户将HTML附件附加到文档。如果CouchDB管理员打开此类附件，则HTML代码将在管理员的浏览器中执行。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Apache CouchDB权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://docs.couchdb.org/en/stable/cve/2021-38295.html

Reference

https://www.cybersecurity-help.cz/vdb/SB2021101205

Impacted products

Name
Apache CouchDB <3.1.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-38295",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-38295"
    }
  },
  "description": "Apache CouchDB\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4f7f\u7528Erlang\u5f00\u53d1\u7684\u4e00\u5957\u9762\u5411\u6587\u6863\u7684\u6570\u636e\u5e93\u7cfb\u7edf\u3002\n\nApache CouchDB\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u9002\u5f53\u5730\u65bd\u52a0\u5b89\u5168\u9650\u5236\uff0c\u5177\u6709\u5728\u6570\u636e\u5e93\u4e2d\u521b\u5efa\u6587\u6863\u6743\u9650\u7684\u8fdc\u7a0b\u8eab\u4efd\u9a8c\u8bc1\u7528\u6237\u5c06HTML\u9644\u4ef6\u9644\u52a0\u5230\u6587\u6863\u3002\u5982\u679cCouchDB\u7ba1\u7406\u5458\u6253\u5f00\u6b64\u7c7b\u9644\u4ef6\uff0c\u5219HTML\u4ee3\u7801\u5c06\u5728\u7ba1\u7406\u5458\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://docs.couchdb.org/en/stable/cve/2021-38295.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-103658",
  "openTime": "2021-12-31",
  "patchDescription": "Apache CouchDB\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4f7f\u7528Erlang\u5f00\u53d1\u7684\u4e00\u5957\u9762\u5411\u6587\u6863\u7684\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nApache CouchDB\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u9002\u5f53\u5730\u65bd\u52a0\u5b89\u5168\u9650\u5236\uff0c\u5177\u6709\u5728\u6570\u636e\u5e93\u4e2d\u521b\u5efa\u6587\u6863\u6743\u9650\u7684\u8fdc\u7a0b\u8eab\u4efd\u9a8c\u8bc1\u7528\u6237\u5c06HTML\u9644\u4ef6\u9644\u52a0\u5230\u6587\u6863\u3002\u5982\u679cCouchDB\u7ba1\u7406\u5458\u6253\u5f00\u6b64\u7c7b\u9644\u4ef6\uff0c\u5219HTML\u4ee3\u7801\u5c06\u5728\u7ba1\u7406\u5458\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache CouchDB\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache CouchDB \u003c3.1.2"
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2021101205",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-15",
  "title": "Apache CouchDB\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

GSD-2021-38295

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-38295

Aliases

CVE-2021-38295

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-38295",
    "description": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2",
    "id": "GSD-2021-38295",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-38295.html",
      "https://advisories.mageia.org/CVE-2021-38295.html",
      "https://security.archlinux.org/CVE-2021-38295"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-38295"
      ],
      "details": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2",
      "id": "GSD-2021-38295",
      "modified": "2023-12-13T01:23:17.629520Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2021-38295",
        "STATE": "PUBLIC",
        "TITLE": "Privilege escalation vulnerability when using HTML attachments"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache CouchDB",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "Apache CouchDB",
                          "version_value": "3.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "IBM Cloudant",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "IBM Cloudant",
                          "version_value": "8201"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "This issue was identified by Cory Sabol of Secure Ideas."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "low"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://docs.couchdb.org/en/stable/cve/2021-38295.html",
            "refsource": "MISC",
            "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-38295"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.couchdb.org/en/stable/cve/2021-38295.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.3,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-10-20T15:31Z",
      "publishedDate": "2021-10-14T20:15Z"
    }
  }
}

FKIE_CVE-2021-38295

Vulnerability from fkie_nvd - Published: 2021-10-14 20:15 - Updated: 2024-11-21 06:16

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@apache.org	https://docs.couchdb.org/en/stable/cve/2021-38295.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://docs.couchdb.org/en/stable/cve/2021-38295.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	couchdb	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "055B353E-396A-4925-96AC-1D2877607139",
              "versionEndExcluding": "3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2"
    },
    {
      "lang": "es",
      "value": "En Apache CouchDB, un usuario malicioso con permiso para crear documentos en una base de datos puede adjuntar un archivo adjunto HTML a un documento. Si un administrador de CouchDB abre ese adjunto en un navegador, por ejemplo, por medio de la interfaz de administraci\u00f3n de CouchDB Fauxton, cualquier c\u00f3digo JavaScript insertado en ese adjunto HTML se ejecutar\u00e1 dentro del contexto de seguridad de ese administrador. Una ruta similar est\u00e1 disponible con la funcionalidad _show y _list, ya obsoleta. Esta vulnerabilidad de escalada de privilegios permite a un atacante a\u00f1adir o eliminar datos en cualquier base de datos o realizar cambios de configuraci\u00f3n. Este problema afectaba a Apache CouchDB versiones anteriores a 3.1.2"
    }
  ],
  "id": "CVE-2021-38295",
  "lastModified": "2024-11-21T06:16:44.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-14T20:15:09.017",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-38295 (GCVE-0-2021-38295)

GHSA-GR7P-9MX8-WR74

bit-couchdb-2021-38295

Vulnerability from bitnami_vulndb

CNVD-2021-103658

GSD-2021-38295

FKIE_CVE-2021-38295

Tags

Sightings

Nomenclature