CVE-2018-17188

EPSS 2.77%
Veröffentlicht 02.01.2019 14:29:00
Zuletzt bearbeitet 21.11.2024 03:54:03
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Couchdb Version < 2.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.77%	0.856

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/

https://blog.couchdb.org/2018/12/17/cve-2018-17188/

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-17188

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17188

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17188

EUVD