Executive Summary

Information
Name : CVE-2018-17188
First vendor Publication : 2019-01-02
Vendor : Cve
Last vendor Modification : 2019-05-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score : 6.5
Cvss Impact Score : 6.4
Cvss Exploit Score : 8
Attack Range : Network
Attack Complexity : Low
Authentication : Requires single instance

Detail

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17188

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-264
Name : Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type : Application
Count : 38

Nessus® Vulnerability Scanner

Date : 2018-12-21
Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1999a215fc6b11e88a95ac1f6b67e138.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

CONFIRM : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
MISC : https://blog.couchdb.org/2018/12/17/cve-2018-17188/

Alert History

2019-05-14 00:19:04 : Multiple Updates
2019-01-02 17:19:05 : First insertion