Revision Date: | 2022-05-22 | Version: | 1 |
Title: | CVE-2020-1955 |
Description: |
CouchDB version 3.0.0 shipped with a new configuration setting, `require_valid_user_except_for_up`, that governs access control to the entire database server. It was meant as an extension to the long-standing setting `require_valid_user`, which requires that any and all requests to CouchDB be made with valid credentials, effectively forbidding anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to require valid credentials for all endpoints except the `/_up` endpoint. However, the implementation contained an error that led to credentials not being enforced on any endpoint when the setting was enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue.
|
Family: | unix | Class: | vulnerability |
Status: | | Reference(s): | Mitre CVE-2020-1955, SUSE CVE-2020-1955
|
Platform(s): | SUSE OpenStack Cloud 7, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND couchdb is not affected
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND couchdb is not affected
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND couchdb is not affected
|