Description
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by hyp3rlinx · textlocalwindows
https://www.exploit-db.com/exploits/40865
References (3)
Core 3
Core References
Vendor Advisory mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/40865/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94766
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
63.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
apache/couchdb
2.0.0
Published
Feb 12, 2018
Tracked Since
Feb 18, 2026