The host is installed with Apache CouchDB before 1.7.2 or 2.x before 2.1.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the validation issue in administrator-supplied configuration settings. Successful exploitation could allow attackers to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API.