Executive Summary

Name : CVE-2018-17188
First vendor Publication : 2019-01-02
Vendor : Cve
Last vendor Modification : 2019-05-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score : 6.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 8
Authentication : Requires single instance


Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17188

CWE : Common Weakness Enumeration

100 % : CWE-264 : Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration


Nessus® Vulnerability Scanner

2018-12-21 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1999a215fc6b11e88a95ac1f6b67e138.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

CONFIRM https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
MISC https://blog.couchdb.org/2018/12/17/cve-2018-17188/

Alert History

2019-05-14 00:19:04
  • Multiple Updates
2019-01-02 17:19:05
  • First insertion