Skip to main content

Couchdb

14 CVEs product

Monthly

CVE-2023-45725 MEDIUM PATCH This Month

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Couchdb
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2023-26268 MEDIUM This Month

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list *. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Couchdb Cloudant
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-24706 CRITICAL POC KEV PATCH THREAT Act Now

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Information Disclosure Couchdb
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.5%
CVE-2021-38295 HIGH This Week

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache XSS Couchdb
NVD
CVSS 3.1
7.3
EPSS
2.5%
CVE-2020-1955 CRITICAL Act Now

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchdb
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-14889 HIGH This Week

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Couchdb
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-11769 HIGH This Week

CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Couchdb
NVD
CVSS 3.0
7.2
EPSS
8.2%
CVE-2018-8007 HIGH POC THREAT This Week

Apache CouchDB administrative users can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache RCE Couchdb
NVD
CVSS 3.0
7.2
EPSS
11.7%
CVE-2017-12636 HIGH POC THREAT Act Now

CouchDB administrative users can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

Apache Command Injection Couchdb
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
93.8%
Threat
5.8
CVE-2017-12635 CRITICAL POC THREAT Emergency

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.1%.

Apache Privilege Escalation RCE Couchdb
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.1%
Threat
6.3
CVE-2012-5649 MEDIUM This Month

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Adobe RCE Code Injection Apache Couchdb
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-2668 MEDIUM POC THREAT This Month

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.4%.

Denial Of Service Apache Couchdb
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
40.4%
CVE-2012-5650 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Couchdb
NVD VulDB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-5641 MEDIUM POC PATCH This Month

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Couchdb Mochiweb
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
3.7%
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Couchdb
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list *. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Couchdb +1
NVD
EPSS 93% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Information Disclosure Couchdb
NVD Exploit-DB
EPSS 2% CVSS 7.3
HIGH This Week

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache XSS +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchdb
NVD
EPSS 1% CVSS 7.8
HIGH This Week

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Couchdb
NVD
EPSS 8% CVSS 7.2
HIGH This Week

CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Couchdb
NVD
EPSS 12% CVSS 7.2
HIGH POC THREAT This Week

Apache CouchDB administrative users can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache RCE +1
NVD
EPSS 94% 5.8 CVSS 7.2
HIGH POC THREAT Act Now

CouchDB administrative users can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

Apache Command Injection Couchdb
NVD Exploit-DB
EPSS 94% 6.3 CVSS 9.8
CRITICAL POC THREAT Emergency

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.1%.

Apache Privilege Escalation RCE +1
NVD Exploit-DB
EPSS 2% CVSS 6.8
MEDIUM This Month

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Adobe RCE Code Injection +2
NVD
EPSS 40% CVSS 5.0
MEDIUM POC THREAT This Month

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.4%.

Denial Of Service Apache Couchdb
NVD Exploit-DB VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Couchdb
NVD VulDB
EPSS 4% CVSS 5.0
MEDIUM POC PATCH This Month

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Couchdb +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy