UBUNTU-CVE-2018-17188

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-17188

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-17188.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-17188

Related

CVE-2018-17188

Published

2019-01-02T14:29:00Z

Modified

2025-01-13T10:21:40Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

References

Affected packages

Ubuntu:Pro:16.04:LTS / couchdb

Package

Name: couchdb
Purl: pkg:deb/ubuntu/couchdb@1.6.0-0ubuntu7?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0-0ubuntu7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}