Privilege escalation vulnerability in Apache CouchDB - CVE-2018-11769ID: oval:org.secpod.oval:def:60214 | Date: (C)2019-12-20 (M)2021-06-02 |
Class: VULNERABILITY | Family: windows |
The host is installed with Apache CouchDB 1.x before 2.2.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the validation issue in administrator-supplied configuration settings. Successful exploitation could allow attackers to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8 |
Microsoft Windows Server 2012 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |