CSRF in Apache Couchdb

CVE-2010-2234

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.005 (67.7th percentile) — read the EPSS interpretation.

Affected products

Apache Couchdb — versions 0.10.0, 0.9.1, 0.8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack (mailing-list, x_refsource_FULLDISC)
20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (x_refsource_CONFIRM)
42501 (vdb-entry, x_refsource_BID)