virus logo FortiClient Vulnerability

Apache CouchDB CVE-2021-38295 Cross Site Scripting Vulnerability

description-logoDescription

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2

affected-products-logoAffected Applications

Apache CouchDB

CVE References

CVE-2021-38295

Other References

https://docs.couchdb.org/en/stable/cve/2021-38295.html
ID 4469
Created Aug 31, 2022
Description
Updated		 Oct 16, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Apache
Patch manual
Application Apache CouchDB