git: e349d6c6c522 - main - security/vuxml: add CouchDB CVE details

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dave Cottlehuber <dch_at_FreeBSD.org>
Date: Tue, 12 Oct 2021 13:17:08 UTC
The branch main has been updated by dch:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e349d6c6c52214a48c57142cf6223d55d75e5b76

commit e349d6c6c52214a48c57142cf6223d55d75e5b76
Author:     Dave Cottlehuber <dch@FreeBSD.org>
AuthorDate: 2021-10-12 12:40:10 +0000
Commit:     Dave Cottlehuber <dch@FreeBSD.org>
CommitDate: 2021-10-12 13:16:54 +0000

    security/vuxml: add CouchDB CVE details
    
    while here, appease `make validate` indentation
    
    Security:       https://docs.couchdb.org/en/stable/cve/2021-38295.html
    Sponsored by:   SkunkWerks, GmbH
---
 security/vuxml/vuln-2021.xml | 43 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 1f31be2f4016..82095255b54d 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,36 @@
+  <vuln vid="a7dd4c2d-77e4-46de-81a2-c453c317f9de">
+    <topic>couchdb -- user privilege escalation</topic>
+    <affects>
+      <package>
+	<name>couchdb</name>
+	<range><lt>3.1.2,2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Cory Sabol reports:</p>
+    <blockquote cite="https://docs.couchdb.org/en/stable/cve/2021-38295.html">
+      <p>A malicious user with permission to create documents in a
+       database is able to attach a HTML attachment to a document.
+       If a CouchDB admin opens that attachment in a browser, e.g.
+       via the CouchDB admin interface Fauxton, any JavaScript code
+       embedded in that HTML attachment will be executed within the
+       security context of that admin. A similar route is available
+       with the already deprecated _show and _list functionality.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-39205</cvename>
+      <url>https://docs.couchdb.org/en/stable/cve/2021-38295.html</url>
+    </references>
+    <dates>
+      <discovery>2021-08-09</discovery>
+      <entry>2021-10-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9a8514f3-2ab8-11ec-b3a1-8c164582fbac">
     <topic>Ansible -- Ansible user credentials disclosure in ansible-connection module</topic>
     <affects>
@@ -38,11 +71,11 @@
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Red Hat reports:</p>
 	<blockquote cite="">
-          <p>A flaw was found in Ansible Engine's ansible-connection
-            module, where sensitive information such as the Ansible
-            user credentials is disclosed by default in the traceback
-            error message. The highest threat from this vulnerability
-            is to confidentiality.</p>
+       <p>A flaw was found in Ansible Engine's ansible-connection
+       module, where sensitive information such as the Ansible
+       user credentials is disclosed by default in the traceback
+       error message. The highest threat from this vulnerability
+       is to confidentiality.</p>
 	</blockquote>
       </body>
     </description>