Max CVSS | 10.0 | Min CVSS | 6.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2018-17188 | 6.5 | Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Toget | 03-10-2019 - 00:03 | 02-01-2019 - 14:29 |
CVE-2018-11769 | 9.0 | CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate the | 03-10-2019 - 00:03 | 08-08-2018 - 15:29 |
CVE-2017-12635 | 10.0 | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the data | 03-10-2019 - 00:03 | 14-11-2017 - 20:29 |
CVE-2018-8007 | 9.0 | Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their pri | 13-05-2019 - 19:29 | 11-07-2018 - 13:29 |
CVE-2017-12636 | 9.0 | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB bef | 13-05-2019 - 19:29 | 14-11-2017 - 20:29 |