Posted to commits@couchdb.apache.org by va...@apache.org on 2023/05/02 16:40:26 UTC

[couchdb] branch cve-2023-26268-docs created (now 415850ad5)

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a change to branch cve-2023-26268-docs
in repository https://gitbox.apache.org/repos/asf/couchdb.git


      at 415850ad5 CVE-2023-2626 details doc update

This branch includes the following new commits:

     new 415850ad5 CVE-2023-2626 details doc update

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: CVE-2023-2626 details doc update

Posted by va...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch cve-2023-26268-docs
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 415850ad5deef15c50bce84e8662203d5326b52f
Author: Nick Vatamaniuc <va...@gmail.com>
AuthorDate: Tue May 2 12:34:42 2023 -0400

    CVE-2023-2626 details doc update
---
 src/docs/src/cve/2023-26268.rst | 43 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/src/docs/src/cve/2023-26268.rst b/src/docs/src/cve/2023-26268.rst
index 8ce7085fa..0fbab3302 100644
--- a/src/docs/src/cve/2023-26268.rst
+++ b/src/docs/src/cve/2023-26268.rst
@@ -12,16 +12,49 @@
 
 .. _cve/2023-26268:
 
-===========================================================
-CVE-2023-26268: RESERVED
-===========================================================
+=========================================================================
+CVE-2023-26268: Apache CouchDB: Information sharing via couchjs processes
+=========================================================================
 
 :Date: 02.05.2023
 
-:Affected: 3.2.2 and below
+:Affected: 3.3.1 and below, 3.2.2 and below
 
 :Severity: Medium
 
 :Vendor: The Apache Software Foundation
 
-Details will be published on 2023-05-02
+Description
+===========
+
+Design documents with matching document IDs, from databases on the same
+cluster, may share a mutable Javascript environment when using these design
+document functions:
+
+  * validate_doc_update
+  * list
+  * filter
+  * filter views (using view functions as filters)
+  * rewrite
+  * update
+
+This doesn't affect map/reduce or search (Dreyfus) index functions.
+
+Mitigation
+==========
+
+CouchDB :ref:`3.3.2 <release/3.3.2>` and :ref:`3.2.3 <release/3.2.3>` and
+onwards matches Javascript execution processes by database names in addition to
+design document IDs when processing the affected design document functions.
+
+Workarounds
+===========
+
+Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
+
+Credit
+======
+
+This issue was identified by `Nick Vatamaniuc`_
+
+.. _Nick Vatamaniuc: https://home.apache.org/phonebook.html?uid=vatamane
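
Review bot: The ":Affected:" field now reads "3.3.1 and below, 3.2.2 and below", which is ambiguous because the first range already contains the second. Since the Mitigation section names 3.3.2 and 3.2.3 as the fixed releases, stating the affected range per release line (3.3.x up to 3.3.1, and 3.2.2 and below) would let an operator on a 3.2.x deployment see at a glance which fixed version applies to them. Two smaller points: the Workarounds paragraph is a single unwrapped line while the Description and Mitigation paragraphs are wrapped at about 79 columns, and the Credit sentence ("This issue was identified by `Nick Vatamaniuc`_") is missing its final period.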