2.8. CVE-2017-12635: Apache CouchDB Remote Privilege Escalation
Affected: All Versions of Apache CouchDB
Vendor: The Apache Software Foundation
Mitigation: Upgrades from previous 1.x and 2.x versions in the same series should be seamless. Users on earlier versions, or users upgrading from 1.x to 2.x, should consult the upgrade notes.
Description: Because the JSON parsers CouchDB uses handle duplicate keys differently, a document that contains two `roles` keys is treated inconsistently: the second `roles` key is used to authorise the document write, but the first `roles` key is used for all subsequent authorisation of the newly created user. By design, users cannot assign themselves roles. This vulnerability allows a non-admin user to grant themselves admin privileges.
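The root cause above is a classic parser-differential: one component keeps the first of two duplicate keys, another keeps the last, so the value that was checked is not the value that is later trusted. The following added example (not CouchDB's code; a standalone illustration in Python) shows how the two lenient interpretations of a constructed `_users`-style document disagree, and how a strict loader that rejects duplicate keys outright removes the ambiguity before any authorisation decision is made. The sample document and the function names are constructed for this example.

```python
import json


class DuplicateKeyError(ValueError):
    """Raised when a JSON object contains the same key more than once."""


def _reject_duplicates(pairs):
    # object_pairs_hook is invoked for every object, including nested ones,
    # with the raw (key, value) pairs in document order, so duplicates are
    # visible here even though a plain dict would silently collapse them.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key {key!r}")
        seen[key] = value
    return seen


def _first_wins(pairs):
    # Models a parser that keeps the first occurrence of a key.
    out = {}
    for key, value in pairs:
        out.setdefault(key, value)
    return out


def strict_loads(text):
    """Parse JSON, refusing any object that repeats a key."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def loads_last_wins(text):
    """Python's default behaviour: the last duplicate key wins."""
    return json.loads(text)


def loads_first_wins(text):
    """Alternative behaviour: the first duplicate key wins."""
    return json.loads(text, object_pairs_hook=_first_wins)


def has_duplicate_keys(text):
    """True if the document repeats a key anywhere; malformed JSON still raises."""
    try:
        strict_loads(text)
    except DuplicateKeyError:
        return True
    return False


def parsers_disagree(text):
    """True if first-wins and last-wins parsing yield different documents."""
    return loads_first_wins(text) != loads_last_wins(text)


def validate_user_doc(text):
    """Gate a user document: reject duplicates, then inspect the single view.

    Returns (accepted, reason). Constructed policy for this example: a
    self-service write may not carry any roles at all.
    """
    try:
        doc = strict_loads(text)
    except DuplicateKeyError as exc:
        return False, f"rejected: {exc}"
    if doc.get("roles"):
        return False, "rejected: roles may only be set by an administrator"
    return True, "accepted"


# Constructed sample: the same key appears twice in one object.
SAMPLE_DUPLICATE = (
    '{"_id": "org.couchdb.user:example", "type": "user", '
    '"name": "example", "roles": ["reader"], "roles": []}'
)
# Constructed sample: a well-formed document with no duplicate keys.
SAMPLE_CLEAN = (
    '{"_id": "org.couchdb.user:example", "type": "user", '
    '"name": "example", "roles": []}'
)

if __name__ == "__main__":
    print("first-wins view :", loads_first_wins(SAMPLE_DUPLICATE)["roles"])
    print("last-wins view  :", loads_last_wins(SAMPLE_DUPLICATE)["roles"])
    print("parsers disagree:", parsers_disagree(SAMPLE_DUPLICATE))
    print("strict gate     :", validate_user_doc(SAMPLE_DUPLICATE))
    print("clean document  :", validate_user_doc(SAMPLE_CLEAN))
```

The point of `validate_user_doc` is ordering: the duplicate-key check runs before any field is read, so there is exactly one interpretation of the document by the time the roles policy is applied. Any system that lets two independent parsers see the same bytes should apply the same kind of canonicalisation or rejection at the trust boundary.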
Credit: This issue was discovered by Max Justicz.