You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by va...@apache.org on 2023/05/02 16:51:51 UTC
[couchdb] branch 3.3.x updated: CVE-2023-2626 details doc update
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch 3.3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/3.3.x by this push:
new c1204b94c CVE-2023-2626 details doc update
c1204b94c is described below
commit c1204b94c73419e7e510876b431a643e9c2d913e
Author: Nick Vatamaniuc <va...@gmail.com>
AuthorDate: Tue May 2 12:34:42 2023 -0400
CVE-2023-2626 details doc update
---
src/docs/src/cve/2023-26268.rst | 44 ++++++++++++++++++++++++++++++++++++-----
1 file changed, 39 insertions(+), 5 deletions(-)
diff --git a/src/docs/src/cve/2023-26268.rst b/src/docs/src/cve/2023-26268.rst
index 8ce7085fa..daecec47e 100644
--- a/src/docs/src/cve/2023-26268.rst
+++ b/src/docs/src/cve/2023-26268.rst
@@ -12,16 +12,50 @@
.. _cve/2023-26268:
-===========================================================
-CVE-2023-26268: RESERVED
-===========================================================
+=========================================================================
+CVE-2023-26268: Apache CouchDB: Information sharing via couchjs processes
+=========================================================================
:Date: 02.05.2023
-:Affected: 3.2.2 and below
+:Affected: 3.3.1 and below, 3.2.2 and below
:Severity: Medium
:Vendor: The Apache Software Foundation
-Details will be published on 2023-05-02
+Description
+===========
+
+Design documents with matching document IDs, from databases on the same
+cluster, may share a mutable Javascript environment when using these design
+document functions:
+
+ * validate_doc_update
+ * list
+ * filter
+ * filter views (using view functions as filters)
+ * rewrite
+ * update
+
+This doesn't affect map/reduce or search (Dreyfus) index functions.
+
+Mitigation
+==========
+
+CouchDB :ref:`3.3.2 <release/3.3.2>` and :ref:`3.2.3 <release/3.2.3>` and
+onwards matches Javascript execution processes by database names in addition to
+design document IDs when processing the affected design document functions.
+
+Workarounds
+===========
+
+Avoid using design documents from untrusted sources which may attempt to cache
+or store data in the Javascript environment.
+
+Credit
+======
+
+This issue was identified by `Nick Vatamaniuc`_
+
+.. _Nick Vatamaniuc: https://home.apache.org/phonebook.html?uid=vatamane