FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

couchdb -- multiple vulnerabilities

Affected packages
couchdb < 1.7.2,2

Details

VuXML ID 1e54d140-8493-11e8-a795-0028f8d09152
Discovery 2017-11-14
Entry 2018-07-10

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.

[source]

References

CVE Name CVE-2017-12635
CVE Name CVE-2017-12636
CVE Name CVE-2018-8007
URL https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/
URL https://blog.couchdb.org/2018/07/10/cve-2018-8007/
URL https://lists.apache.org/thread.html/6fa798e96686b7b0013ec2088140d00aeb7d34487d3f5ad032af6934@%3Cdev.couchdb.apache.org%3E

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.