CVE-2010-2234

CWE-352Cross-Site Request Forgery (CSRF)5 documents4 sources
Severity
6.8MEDIUM
EPSS
0.5%
top 35.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Couchdb
Timeline
PublishedAug 19
Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapache/couchdb8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-3c6h-p7mj-5m9j: Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 02022-05-14
CVEList
CVE-2010-2234: Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 02010-08-19

💬Community

2
Bugzilla
CVE-2010-2234 couchdb: CSRF vulnerability in versions prior to 0.11.2/1.0.12010-08-17
Bugzilla
CVE-2010-2234 couchdb: CSRF vulnerability in versions prior to 0.11.2/1.0.1 [fedora-all]2010-08-17
CVE-2010-2234 (MEDIUM CVSS 6.8) | Cross-site request forgery (CSRF) v | cvebase.io