CVE-2021-38295

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38295

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38295.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-38295

Aliases

BIT-couchdb-2021-38295

Related

Published

2021-10-14T20:15:09Z

Modified

2025-01-14T09:29:41.771458Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2

References

https://docs.couchdb.org/en/stable/cve/2021-38295.html

Affected packages

Git / github.com/apache/couchdb

Affected ranges

Type: GIT
Repo: https://github.com/apache/couchdb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

572b68e724ddb53d0bd04f56b3e0a3ff0d05cdf1

Affected versions

2.*

2.1.0

2.3.0

3.*

3.1.0

3.1.1

Other

fauxton