Description |
A security issue has been found in Apache CouchDB before version 3.1.2. A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated `_show` and `_list` functionality.
This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. |