CouchDB Design Doc HTTP Header Leak via list/show/rewrite/update
CVE-2023-45725 Published on December 13, 2023
Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-45725 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-45725
Want to know whenever a new CVE is published for Apache Couchdb? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache CouchDB:- Before and including 3.3.2 is affected.
- Before 8413 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.