FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

couchdb -- administrator privilege escalation

Affected packages
couchdb < 2.3.0,2
couchdb2 < 2.3.0

Details

VuXML ID 1999a215-fc6b-11e8-8a95-ac1f6b67e138
Discovery 2018-12-01
Entry 2018-12-13

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.

References

CVE Name CVE-2018-17188
URL http://docs.couchdb.org/en/stable/cve/2018-17188.html