CVE-2023-45725
N/A
Summary
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
- list
- show
- rewrite
- update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache CouchDB | 0 <= 3.3.2 | affected |
| Apache Software Foundation | IBM Cloudant | 0 < 8413 | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg
- https://docs.couchdb.org/en/stable/cve/2023-45725.html
References
- https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg
- https://docs.couchdb.org/en/stable/cve/2023-45725.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.