This is an automated email from the ASF dual-hosted git repository. vatamane pushed a commit to branch 3.2.2-docs-cve-2023-26268 in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 2cd9e8fcaf1db08327d34b9b6dbddba65832e604 Author: Nick Vatamaniuc <[email protected]> AuthorDate: Tue May 2 12:34:42 2023 -0400 CVE-2023-2626 details doc update --- src/docs/src/cve/2023-26268.rst | 61 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/src/docs/src/cve/2023-26268.rst b/src/docs/src/cve/2023-26268.rst new file mode 100644 index 000000000..d39f80c53 --- /dev/null +++ b/src/docs/src/cve/2023-26268.rst 
@@ -0,0 +1,61 @@ +.. Licensed under the Apache License, Version 2.0 (the "License"); you may not +.. use this file except in compliance with the License. You may obtain a copy of +.. the License at +.. +.. http://www.apache.org/licenses/LICENSE-2.0 +.. +.. Unless required by applicable law or agreed to in writing, software +.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +.. License for the specific language governing permissions and limitations under +.. the License. + +.. _cve/2023-26268: + +========================================================================= +CVE-2023-26268: Apache CouchDB: Information sharing via couchjs processes +========================================================================= + +:Date: 02.05.2023 + +:Affected: 3.2.2 and below + +:Severity: Medium + +:Vendor: The Apache Software Foundation + +Description +=========== + +Design documents with matching document IDs, from databases on the same +cluster, may share a mutable Javascript environment when using these design +document functions: + + * validate_doc_update + * list + * filter + * filter views (using view functions as filters) + * rewrite + * update + +This doesn't affect map/reduce or search (Dreyfus) index functions. + +Mitigation +========== + +CouchDB :ref:`3.2.3 <release/3.2.3>` and onwards matches Javascript execution +processes by database names in addition to design document IDs when processing +the affected design document functions. + +Workarounds +=========== + +Avoid using design documents from untrusted sources which may attempt to cache +or store data in the Javascript environment. + +Credit +====== + +This issue was identified by `Nick Vatamaniuc`_ + +.. _Nick Vatamaniuc: https://home.apache.org/phonebook.html?uid=vatamane
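Review bot: The Description section says the listed design document functions "may share a mutable Javascript environment" but never states the consequence that the title calls "Information sharing". Add a sentence spelling out what a function running for one database can read or leave behind for a design document with the same ID in another database on the cluster, so operators can judge their exposure. The Workarounds text ("Avoid using design documents from untrusted sources") would be more actionable if it said which databases on a shared cluster need reviewing, given that the Description scopes the issue to matching design document IDs across databases. The Mitigation section describes the 3.2.3 behaviour change but does not plainly tell readers on ":Affected: 3.2.2 and below" to upgrade. Minor points: ":Date: 02.05.2023" is ambiguous between day-first and month-first, "Javascript" should be "JavaScript", the Credit sentence has no closing period, and the commit subject reads CVE-2023-2626 while the file name and title use CVE-2023-26268.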
