Vulnerability Name: CVE-2018-8007 (CCN-146203)

Assigned: 2018-07-10
Published: 2018-07-10
Updated: 2019-05-13
Summary: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.
CVSS v3 Severity: 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: Apache CouchDB Web site
Apache CouchDB

Source: MITRE
Type: CNA
CVE-2018-8007

Source: MLIST
Type: Mailing List, Third Party Advisory
[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released

Source: MLIST
Type: Mailing List, Third Party Advisory
[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released

Source: CCN
Type: oss-sec Mailing List, Wed, 11 Jul 2018 13:40:05 +0200
CVE-2018-8007: Apache CouchDB administrative privilege escalation

Source: BID
Type: Third Party Advisory, VDB Entry
104741

Source: CCN
Type: BID-104741
Apache CouchDB CVE-2018-8007 Remote Privilege Escalation Vulnerability

Source: CONFIRM
Type: Third Party Advisory
https://blog.couchdb.org/2018/07/10/cve-2018-8007/

Source: XF
Type: UNKNOWN
apache-cve20188007-priv-esc(146203)

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-73bd8167a0

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-83f513fd7e

Source: GENTOO
Type: Third Party Advisory
GLSA-201812-06

Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us

Source: MISC
Type: Exploit, Third Party Advisory
https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apache:couchdb:*:*:*:*:*:*:*:* (Version <= 1.7.1)
  • OR cpe:/a:apache:couchdb:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.1.1)

Configuration CCN 1:
  • cpe:/a:apache:couchdb:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:couchdb:2.1.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20188007 | V | CVE-2018-8007 | 2022-05-22
oval:org.opensuse.security:def:57147 | P | Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important) | 2021-12-14
oval:org.opensuse.security:def:60393 | P | Security update for postgresql10 (Important) | 2021-10-20
oval:org.opensuse.security:def:59786 | P | Security update for openssl-1_1 (Important) | 2021-08-24
oval:org.opensuse.security:def:57041 | P | Security update for libsolv (Important) | 2021-06-28
oval:org.opensuse.security:def:57941 | P | Security update for freeradius-server (Moderate) | 2021-06-11
oval:org.opensuse.security:def:57910 | P | Security update for cups (Important) | 2021-04-30
oval:org.opensuse.security:def:59603 | P | Security update for wpa_supplicant (Important) | 2021-03-09
oval:org.opensuse.security:def:57991 | P | Security update for openvswitch (Important) | 2021-02-02
oval:org.opensuse.security:def:58015 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:57598 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:56468 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60821 | P | Security update for permissions (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57798 | P | libgoa-1_0-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59904 | P | Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:56630 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60850 | P | Security update for couchdb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59170 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:60608 | P | Security update for libsolv, libzypp, zypper (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57313 | P | Security update for curl | 2020-12-01
oval:org.opensuse.security:def:59350 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:56467 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:60730 | P | Security update for SUSE Manager Client Tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57706 | P | e2fsprogs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56490 | P | Security update for gimp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60771 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:57872 | P | libxerces-c-3_1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60093 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:56868 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:59169 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:60511 | P | pigz on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59192 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:60692 | P | Security update for git (Moderate) | 2020-12-01
oval:org.opensuse.security:def:84303 | P | Security update for couchdb (Moderate) | 2018-09-20
oval:org.opensuse.security:def:80650 | P | Security update for couchdb (Important) | 2018-08-31
oval:com.ubuntu.artful:def:20188007000 | V | CVE-2018-8007 on Ubuntu 17.10 (artful) - medium. | 2018-07-11
oval:com.ubuntu.xenial:def:201880070000000 | V | CVE-2018-8007 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-07-11
oval:com.ubuntu.trusty:def:20188007000 | V | CVE-2018-8007 on Ubuntu 14.04 LTS (trusty) - medium. | 2018-07-11
oval:com.ubuntu.xenial:def:20188007000 | V | CVE-2018-8007 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-07-11