ID de Prueba:	1.3.6.1.4.1.25623.1.0.112756
Categoría:	Databases
Título:	Apache CouchDB 3.0.0 Remote Privilege Escalation Vulnerability - Windows
Resumen:	CouchDB is prone to a remote privilege escalation; vulnerability.
Descripción:	Summary: CouchDB is prone to a remote privilege escalation vulnerability. Vulnerability Insight: CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called require_valid_user_except_for_up. It was meant as an extension to the long-standing setting require_valid_user, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new require_valid_user_except_for_up is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the /_up endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. Vulnerability Impact: Successful exploitation would allow an attacker to escalate his privileges. Affected Software/OS: Apache CouchDB version 3.0.0. Solution: Update to version 3.0.1, 3.1.0 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-1955 https://docs.couchdb.org/en/master/cve/2020-1955.html
Copyright	Copyright (C) 2020 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.