SUSE-SU-2018:2765-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20182765-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2765-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:2765-1
Published
2018-09-20T06:06:05Z
Modified
2018-09-20T06:06:05Z
Summary
Security update for couchdb
Details

This update for couchdb fixes the following security issues:

  • CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB administrator user to escalate their privileges to those of the operating system user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API (bsc#1100973).

Affected packages

SUSE:OpenStack Cloud Crowbar 8 / couchdb

Package

Name
couchdb
Purl
pkg:rpm/suse/couchdb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.2-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "couchdb": "1.7.2-3.3.1"
        }
    ]
}