FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

couchdb -- multiple vulnerabilities

Affected packages
couchdb < 1.7.2,2

Details

VuXML ID 1e54d140-8493-11e8-a795-0028f8d09152
Discovery 2017-11-14
Entry 2018-07-10

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.

References

CVE Name CVE-2017-12635
CVE Name CVE-2017-12636
CVE Name CVE-2018-8007
URL https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/
URL https://blog.couchdb.org/2018/07/10/cve-2018-8007/
URL https://lists.apache.org/thread.html/6fa798e96686b7b0013ec2088140d00aeb7d34487d3f5ad032af6934@%3Cdev.couchdb.apache.org%3E