CVE-2021-38295

CWE-79Cross-site Scripting (XSS)CWE-269Improper Privilege ManagementCWE-3455 documents5 sources
Severity
7.3HIGH
EPSS
9.0%
top 7.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache Software Foundation Apache CouchdbApache Software Foundation IBM CloudantApache Couchdb
Timeline
PublishedOct 14
Latest updateMay 24

Description

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages3 packages

NVDapache/couchdb< 3.1.2
CVEListV5apache_software_foundation/apache_couchdbApache CouchDB3.1.2
CVEListV5apache_software_foundation/ibm_cloudantIBM Cloudant8201

🔴Vulnerability Details

3
GHSA
GHSA-gr7p-9mx8-wr74: In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document2022-05-24
CVEList
Privilege escalation vulnerability when using HTML attachments2021-10-14
OSV
CVE-2021-38295: In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document2021-10-14

📋Vendor Advisories

1
Red Hat
couchdb: forget HTML attachment may lead to privileges escalation2021-10-12
CVE-2021-38295 (HIGH CVSS 7.3) | In Apache CouchDB | cvebase.io