In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2
[
{
"product": "Apache CouchDB",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "Apache CouchDB",
"versionType": "custom"
}
]
},
{
"product": "IBM Cloudant",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "8201",
"status": "affected",
"version": "IBM Cloudant",
"versionType": "custom"
}
]
}
]