vulnerability

Ubuntu: (CVE-2018-17188): couchdb vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Jan 2, 2019	Jun 26, 2025	Jun 26, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Jan 2, 2019

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

Solution

no-fix-ubuntu-package

References

CVE-2018-17188
https://attackerkb.com/topics/CVE-2018-17188
URL-https://www.cve.org/CVERecord?id=CVE-2018-17188
URL-https://www.openwall.com/lists/oss-security/2018/12/17/1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today