10

CVE-2017-12635

EPSS 94.19%
Veröffentlicht 14.11.2017 20:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Couchdb Version < 1.7.0

Apache ≫ Couchdb Version2.0.0

Apache ≫ Couchdb Version2.0.0 Updaterc1

Apache ≫ Couchdb Version2.0.0 Updaterc2

Apache ≫ Couchdb Version2.0.0 Updaterc3

Apache ≫ Couchdb Version2.0.0 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.19%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securityfocus.com/bid/101868

Third Party Advisory

VDB Entry

https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html

https://security.gentoo.org/glsa/201711-16

Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us

https://www.exploit-db.com/exploits/44498/

https://www.exploit-db.com/exploits/45019/

https://nvd.nist.gov/vuln/detail/CVE-2017-12635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12635

EUVD