CVE-2023-26268 - OpenCVE

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Couchdb
Ibm	Cloudant

Configuration 1 [-]

OR	cpe:2.3:a:apache:couchdb::::::::
	cpe:2.3:a:apache:couchdb::::::::

Configuration 2 [-]

cpe:2.3:a:ibm:cloudant:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.couchdb.org/en/stable/cve/2023-26268.html
https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl
https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-05-02T20:06:09.352Z

Updated: 2024-08-02T11:46:24.314Z

Reserved: 2023-02-21T08:19:47.658Z

Link: CVE-2023-26268

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-02T21:15:09.233

Modified: 2023-05-10T16:08:34.207

Link: CVE-2023-26268

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-26268", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-02-21T08:19:47.658Z", "datePublished": "2023-05-02T20:06:09.352Z", "dateUpdated": "2024-08-02T11:46:24.314Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "3.3.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IBM Cloudant", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "8349", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nick Vatamaniuc vatamane@apache.org"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">validate_doc_update<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">list<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">filter<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">filter views (using view functions as filters)<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">r</span><span style=\"background-color: rgb(255, 255, 255);\">ewrite</span><br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">update<br></span></span></li></ul></span><div><span style=\"background-color: rgb(255, 255, 255);\">This doesn't affect map/reduce or search (Dreyfus) index functions.</span></div><div><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).</span></span></div><div><span style=\"background-color: rgb(255, 255, 255);\">Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.</span></div>"}], "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-02T20:06:09.352Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}, {"tags": ["release-notes"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}], "source": {"discovery": "INTERNAL"}, "title": "Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:46:24.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}, {"tags": ["release-notes", "x_transferred"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "78AD8F98-C0F4-423D-875B-B34A8AEB82C0", "versionEndExcluding": "3.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "1969B512-C576-47F3-86A2-A916AC792508", "versionEndExcluding": "3.3.2", "versionStartIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloudant:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA26A222-7576-432C-915E-F1FC87AE4751", "versionEndIncluding": "8349", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n"}], "id": "CVE-2023-26268", "lastModified": "2023-05-10T16:08:34.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2023-05-02T21:15:09.233", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@apache.org", "type": "Secondary"}]}