Vulnerability Details CVE-2023-45725
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v3 Score 5.7
References
Products affected by CVE-2023-45725
-
cpe:2.3:a:apache:couchdb:-
-
cpe:2.3:a:apache:couchdb:0.10.0
-
cpe:2.3:a:apache:couchdb:0.10.1
-
cpe:2.3:a:apache:couchdb:0.10.2
-
cpe:2.3:a:apache:couchdb:0.11.0
-
cpe:2.3:a:apache:couchdb:0.11.1
-
cpe:2.3:a:apache:couchdb:0.11.2
-
cpe:2.3:a:apache:couchdb:0.8.0
-
cpe:2.3:a:apache:couchdb:0.8.1
-
cpe:2.3:a:apache:couchdb:0.9.0
-
cpe:2.3:a:apache:couchdb:0.9.1
-
cpe:2.3:a:apache:couchdb:0.9.2
-
cpe:2.3:a:apache:couchdb:1.0.0
-
cpe:2.3:a:apache:couchdb:1.0.1
-
cpe:2.3:a:apache:couchdb:1.0.2
-
cpe:2.3:a:apache:couchdb:1.0.3
-
cpe:2.3:a:apache:couchdb:1.0.4
-
cpe:2.3:a:apache:couchdb:1.1.0
-
cpe:2.3:a:apache:couchdb:1.1.1
-
cpe:2.3:a:apache:couchdb:1.1.2
-
cpe:2.3:a:apache:couchdb:1.2.0
-
cpe:2.3:a:apache:couchdb:1.2.1
-
cpe:2.3:a:apache:couchdb:1.2.2
-
cpe:2.3:a:apache:couchdb:1.3.0
-
cpe:2.3:a:apache:couchdb:1.3.1
-
cpe:2.3:a:apache:couchdb:1.4.0
-
cpe:2.3:a:apache:couchdb:1.5.0
-
cpe:2.3:a:apache:couchdb:1.5.1
-
cpe:2.3:a:apache:couchdb:1.6.0
-
cpe:2.3:a:apache:couchdb:1.6.1
-
cpe:2.3:a:apache:couchdb:1.7.0
-
cpe:2.3:a:apache:couchdb:1.7.1
-
cpe:2.3:a:apache:couchdb:1.7.2
-
cpe:2.3:a:apache:couchdb:2.0.0
-
cpe:2.3:a:apache:couchdb:2.1.0
-
cpe:2.3:a:apache:couchdb:2.1.1
-
cpe:2.3:a:apache:couchdb:2.1.2
-
cpe:2.3:a:apache:couchdb:2.1.2.
-
cpe:2.3:a:apache:couchdb:2.2.0
-
cpe:2.3:a:apache:couchdb:2.3.0
-
cpe:2.3:a:apache:couchdb:2.3.1
-
cpe:2.3:a:apache:couchdb:3.0.0
-
cpe:2.3:a:apache:couchdb:3.1.2
-
cpe:2.3:a:apache:couchdb:3.2.0
-
cpe:2.3:a:apache:couchdb:3.2.1
-
cpe:2.3:a:apache:couchdb:3.2.2
-
cpe:2.3:a:apache:couchdb:3.2.3
-
cpe:2.3:a:apache:couchdb:3.3.0
-
cpe:2.3:a:apache:couchdb:3.3.1
-
cpe:2.3:a:apache:couchdb:3.3.2