CVE-2023-45725

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

D

esign document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * rewrite * update An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers

References

Link	Resource
https://docs.couchdb.org/en/stable/cve/2023-45725.html	Patch Vendor Advisory
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg	Mailing List Vendor Advisory
https://docs.couchdb.org/en/stable/cve/2023-45725.html	Patch Vendor Advisory
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://docs.couchdb.org/en/stable/cve/2023-45725.html - Patch, Vendor Advisory~~	() https://docs.couchdb.org/en/stable/cve/2023-45725.html - Patch, Vendor Advisory
References	~~() https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg - Mailing List, Vendor Advisory~~	() https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg - Mailing List, Vendor Advisory

Information

Published : 2023-12-13 08:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45725

Mitre link : CVE-2023-45725

CVE.ORG link : CVE-2023-45725

JSON object : View

Products Affected

couchdb

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2023-45725", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2023-12-13T08:15:50.190", "references": [{"url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\n\nThese design document functions are:\n * \u00a0 list\n * \u00a0 show\n * \u00a0 rewrite\n * \u00a0 update\n\nAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\n\nFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers\n"}, {"lang": "es", "value": "Las funciones de dise\u00f1o de documentos que reciben un objeto de solicitud http de usuario pueden exponer los encabezados de cookies de sesi\u00f3n o de autorizaci\u00f3n del usuario que accede al documento. Estas funciones del documento de dise\u00f1o son: * lista * mostrar * reescribir * actualizar. Un atacante puede filtrar el componente de la sesi\u00f3n utilizando una salida similar a HTML, insertar la sesi\u00f3n como un recurso externo (como una imagen) o almacenar la credencial en un documento local con una funci\u00f3n de \"actualizaci\u00f3n\". Para que el ataque tenga \u00e9xito, el atacante debe poder insertar los documentos de dise\u00f1o en la base de datos y luego manipular a un usuario para que acceda a una funci\u00f3n desde ese documento de dise\u00f1o. Workaround: evite el uso de documentos de dise\u00f1o de fuentes no confiables que puedan intentar acceder o manipular los encabezados de los objetos de solicitud."}], "lastModified": "2024-11-21T08:27:16.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22748077-2553-46DD-A3C6-F4C1775C275E", "versionEndIncluding": "3.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}