Showing 1 - 1 of 1

CVE-2018-11769

Status Candidate

Overview

CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.

Related Files

Gentoo Linux Security Advisory 201812-06: Posted Dec 15, 2018; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201812-6 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of code. Versions less than or equal to 2.1.2 are affected.; tags | advisory, remote, vulnerability; systems | linux, gentoo; advisories | CVE-2018-11769, CVE-2018-8007; SHA-256 | e0f321bad719c25fba4a870aa7db419a011e19fd771faa66863daab3b0fd1ce7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
Jay Turla 150 files
indoushka 133 files
Ubuntu 59 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
Gentoo 33 files
H D Moore 31 files
Debian 27 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (50,975)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,793)
UNIX (9,443)
UnixWare (187)
Windows (6,756)
Other

CVE-2018-11769

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems