CVE-2023-45725

Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

Description

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * rewrite * update An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers

References

Link	Tags
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg	vendor advisory mailing list
https://docs.couchdb.org/en/stable/cve/2023-45725.html	patch vendor advisory release notes

Frequently Asked Questions

What is the severity of CVE-2023-45725?: CVE-2023-45725 has been scored as a medium severity vulnerability.
How to fix CVE-2023-45725?: To fix CVE-2023-45725, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-45725 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-45725 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-45725?: CVE-2023-45725 affects Apache Software Foundation Apache CouchDB, Apache Software Foundation IBM Cloudant.

Description

Category

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

References

Frequently Asked Questions