Posted to commits@couchdb.apache.org by va...@apache.org on 2023/05/02 16:50:38 UTC

[couchdb] branch 3.3.x-cve-2023-26268.rst created (now 09f015e9a)

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a change to branch 3.3.x-cve-2023-26268.rst
in repository https://gitbox.apache.org/repos/asf/couchdb.git


      at 09f015e9a CVE-2023-2626 details doc update

This branch includes the following new commits:

     new 09f015e9a CVE-2023-2626 details doc update

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: CVE-2023-2626 details doc update

Posted by va...@apache.org.

vatamane pushed a commit to branch 3.3.x-cve-2023-26268.rst
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 09f015e9ad14c43b4c60b3547e8a995eec28ce31
Author: Nick Vatamaniuc <va...@gmail.com>
AuthorDate: Tue May 2 12:34:42 2023 -0400

    CVE-2023-2626 details doc update
---
 src/docs/src/cve/2023-26268.rst | 44 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

diff --git a/src/docs/src/cve/2023-26268.rst b/src/docs/src/cve/2023-26268.rst
index 8ce7085fa..daecec47e 100644
--- a/src/docs/src/cve/2023-26268.rst
+++ b/src/docs/src/cve/2023-26268.rst
@@ -12,16 +12,50 @@
 
 .. _cve/2023-26268:
 
-===========================================================
-CVE-2023-26268: RESERVED
-===========================================================
+=========================================================================
+CVE-2023-26268: Apache CouchDB: Information sharing via couchjs processes
+=========================================================================
 
 :Date: 02.05.2023
 
-:Affected: 3.2.2 and below
+:Affected: 3.3.1 and below, 3.2.2 and below
 
 :Severity: Medium
 
 :Vendor: The Apache Software Foundation
 
-Details will be published on 2023-05-02
+Description
+===========
+
+Design documents with matching document IDs, from databases on the same
+cluster, may share a mutable Javascript environment when using these design
+document functions:
+
+  * validate_doc_update
+  * list
+  * filter
+  * filter views (using view functions as filters)
+  * rewrite
+  * update
+
+This doesn't affect map/reduce or search (Dreyfus) index functions.
+
+Mitigation
+==========
+
+CouchDB :ref:`3.3.2 <release/3.3.2>` and :ref:`3.2.3 <release/3.2.3>` and
+onwards matches Javascript execution processes by database names in addition to
+design document IDs when processing the affected design document functions.
+
+Workarounds
+===========
+
+Avoid using design documents from untrusted sources which may attempt to cache
+or store data in the Javascript environment.
+
+Credit
+======
+
+This issue was identified by `Nick Vatamaniuc`_
+
+.. _Nick Vatamaniuc: https://home.apache.org/phonebook.html?uid=vatamane
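
Review bot: The ":Affected:" field now reads "3.3.1 and below, 3.2.2 and below", which is redundant as written because "3.3.1 and below" already covers every 3.2.x release. If the intent is to name the last vulnerable release on each branch, matching the 3.3.2 and 3.2.3 fixes listed under Mitigation, say that explicitly, for example "3.3.x up to and including 3.3.1, 3.2.x up to and including 3.2.2". The Description also stops at "may share a mutable Javascript environment" without saying what follows from that; one sentence connecting it to the "Information sharing" in the new title would let operators judge their exposure. Minor: the Credit sentence has no closing period, and the commit subject says CVE-2023-2626 while the file name and title say CVE-2023-26268.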