QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-17188

Back to search

CVE-2018-17188

Published: Jan 2, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

VendorProductVersions

Apache Software Foundation

Apache CouchDB

affected
All

References

FEDORA-2020-83f513fd7e
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-73bd8167a0
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now