CVE-2023-26268 - Vulnerability Details - OpenCVE

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apache	Couchdb
Ibm	Cloudant

Configuration 1 [-]

OR	cpe:2.3:a:apache:couchdb::::::::
	cpe:2.3:a:apache:couchdb::::::::

Configuration 2 [-]

cpe:2.3:a:ibm:cloudant:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.couchdb.org/en/stable/cve/2023-26268.html
https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl
https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp

History

Tue, 15 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-05-02T20:06:09.352Z

Updated: 2024-10-15T18:11:19.560Z

Reserved: 2023-02-21T08:19:47.658Z

Link: CVE-2023-26268

Vulnrichment

Updated: 2024-08-02T11:46:24.314Z

NVD

Status : Modified

Published: 2023-05-02T21:15:09.233

Modified: 2024-11-21T07:51:00.943

Link: CVE-2023-26268

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-26268", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-02-21T08:19:47.658Z", "datePublished": "2023-05-02T20:06:09.352Z", "dateUpdated": "2024-10-15T18:11:19.560Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Apache CouchDB", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "3.3.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IBM Cloudant", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "8349", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nick Vatamaniuc vatamane@apache.org"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">validate_doc_update<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">list<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">filter<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">filter views (using view functions as filters)<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">r</span><span style=\"background-color: rgb(255, 255, 255);\">ewrite</span><br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">update<br></span></span></li></ul></span><div><span style=\"background-color: rgb(255, 255, 255);\">This doesn't affect map/reduce or search (Dreyfus) index functions.</span></div><div><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).</span></span></div><div><span style=\"background-color: rgb(255, 255, 255);\">Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.</span></div>"}], "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-02T20:06:09.352Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}, {"tags": ["release-notes"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}], "source": {"discovery": "INTERNAL"}, "title": "Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:46:24.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}, {"tags": ["release-notes", "x_transferred"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T18:11:10.609683Z", "id": "CVE-2023-26268", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:11:19.560Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html", "tags": ["release-notes", "x_transferred"]}, {"url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:46:24.314Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-26268", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T18:11:10.609683Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:11:16.114Z"}}], "cna": {"title": "Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Nick Vatamaniuc vatamane@apache.org"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache CouchDB", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.1"}], "defaultStatus": "affected"}, {"vendor": "Apache Software Foundation", "product": "IBM Cloudant", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8349"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp", "tags": ["vendor-advisory"]}, {"url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html", "tags": ["release-notes"]}, {"url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">validate_doc_update<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">list<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">filter<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\">filter views (using view functions as filters)<br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">r</span><span style=\"background-color: rgb(255, 255, 255);\">ewrite</span><br></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">update<br></span></span></li></ul></span><div><span style=\"background-color: rgb(255, 255, 255);\">This doesn't affect map/reduce or search (Dreyfus) index functions.</span></div><div><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).</span></span></div><div><span style=\"background-color: rgb(255, 255, 255);\">Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.</span></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-02T20:06:09.352Z"}}}, "cveMetadata": {"cveId": "CVE-2023-26268", "state": "PUBLISHED", "dateUpdated": "2024-10-15T18:11:19.560Z", "dateReserved": "2023-02-21T08:19:47.658Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-05-02T20:06:09.352Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "78AD8F98-C0F4-423D-875B-B34A8AEB82C0", "versionEndExcluding": "3.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "1969B512-C576-47F3-86A2-A916AC792508", "versionEndExcluding": "3.3.2", "versionStartIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloudant:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA26A222-7576-432C-915E-F1FC87AE4751", "versionEndIncluding": "8349", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n"}], "id": "CVE-2023-26268", "lastModified": "2024-11-21T07:51:00.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@apache.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-02T21:15:09.233", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}