Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-12635
HistoryNov 14, 2017 - 12:00 a.m.

CVE-2017-12635

2017-11-1400:00:00
ubuntu.com
ubuntu.com
26

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%

Due to differences in the Erlang-based JSON parser and JavaScript-based
JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before
2.1.1 to submit _users documents with duplicate keys for ‘roles’ used for
access control within the database, including the special case ‘_admin’
role, that denotes administrative users. In combination with CVE-2017-12636
(Remote Code Execution), this can be used to give non-admin users access to
arbitrary shell commands on the server as the database system user. The
JSON parser differences result in behaviour that if two ‘roles’ keys are
available in the JSON, the second one will be used for authorising the
document write, but the first ‘roles’ key is used for subsequent
authorization for the newly created user. By design, users can not assign
themselves roles. The vulnerability allows non-admin users to give
themselves admin privileges.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchcouchdb< anyUNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%