Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
References
Link | Resource |
---|---|
https://docs.couchdb.org/en/stable/cve/2023-45725.html | Patch Vendor Advisory |
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-12-13T08:02:17.326Z
Updated: 2023-12-13T08:02:17.326Z
Reserved: 2023-10-10T21:35:31.623Z
Link: CVE-2023-45725
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-13T08:15:50.190
Modified: 2023-12-20T18:32:15.360
Link: CVE-2023-45725
JSON object: View
Redhat Information
No data.