- Release date: 2021-10-12
- Observed: 2021-10-12
- Vulnerability type: Security update
- Risk level: Low
- Fixed version: Unknown
- Intelligence contributor: TSRC
2.14. CVE-2021-38295: Apache CouchDB Privilege Escalation
Date: 12.10.2021
Affected: 3.1.1 and below
Severity: Low
Vendor: The Apache Software Foundation

2.14.1. Description
A malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.
This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes.

2.14.2. Mitigation
CouchDB 3.2.0 and onwards adds Content-Security-Policy headers for all attachment, _show and _list requests. This breaks certain niche use-cases and there are configuration options to restore the previous behaviour for those who need it.
CouchDB 3.1.2 defaults to the previous behaviour, but adds configuration options to turn Content-Security-Policy headers on for all affected requests.

2.14.3. Credit
This issue was identified by Cory Sabol of Secure Ideas.
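A defender-side check for the mitigation described above, written as an added example (not code from the advisory or from the CouchDB project): it inspects the response headers of an attachment, _show or _list request and reports whether the Content-Security-Policy would stop embedded script from running in the admin's browser. The header values in the sample responses are constructed for illustration, not CouchDB's actual defaults.

```python
"""Offline assessment of a CSP header against the CVE-2021-38295 scenario:
an admin opening an attacker-supplied HTML attachment in the browser."""
from typing import Dict, List, Optional


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header value into {directive: [tokens]} (directives lower-cased)."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def assess(headers: Dict[str, str]) -> Dict[str, bool]:
    """Return whether a CSP header is present, whether it blocks script execution
    in the served document, and whether it isolates the document's origin."""
    csp: Optional[str] = None
    for name, val in headers.items():      # header names are case-insensitive
        if name.lower() == "content-security-policy":
            csp = val
    if csp is None:                         # 3.1.1 behaviour: no header at all
        return {"has_csp": False, "scripts_blocked": False, "origin_isolated": False}
    d = parse_csp(csp)
    sandbox = d.get("sandbox")
    # A sandbox directive disables scripts unless allow-scripts is listed, and
    # gives the document an opaque origin unless allow-same-origin is listed.
    if sandbox is not None:
        scripts_blocked = "allow-scripts" not in sandbox
        origin_isolated = "allow-same-origin" not in sandbox
    else:
        origin_isolated = False
        sources = d.get("script-src", d.get("default-src"))
        # No script-src and no default-src leaves script execution unrestricted.
        scripts_blocked = sources is not None and "'unsafe-inline'" not in sources
    return {"has_csp": True, "scripts_blocked": scripts_blocked,
            "origin_isolated": origin_isolated}


# Constructed sample responses (values chosen for illustration only).
UNPATCHED = {"Content-Type": "text/html"}
SANDBOXED = {"Content-Type": "text/html", "Content-Security-Policy": "sandbox"}
RESTRICTED = {"Content-Security-Policy": "default-src 'self'; img-src 'self' data:"}
WEAK = {"Content-Security-Policy": "script-src 'self' 'unsafe-inline'"}

if __name__ == "__main__":
    for label, hdrs in [("unpatched", UNPATCHED), ("sandboxed", SANDBOXED),
                        ("restricted", RESTRICTED), ("weak", WEAK)]:
        print(label, assess(hdrs))
```

In practice the headers come from the real server, e.g. by fetching an attachment and passing the response's header mapping to assess().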
CouchDB is an open-source, document-oriented database management system that can be accessed through a RESTful JavaScript Object Notation (JSON) API.
CVE-2021-38295: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38295
None available
None available
http://docs.couchdb.org/en/stable/cve/2021-38295.html