Apache CouchDB 1.x / 2.1.x <= 2.1.2 Privilege Escalation
High Nessus Plugin ID 111967
SynopsisThe remote database server is potentially affected by a privilege escalation vulnerability.
DescriptionAccording to its banner, the version of CouchDB running on the remote host is 1.x or 2.1.x prior to 2.1.2. It is, therefore, potentially affected by a privilege escalation which could allow a CouchDB administrative user to gain remote code execution on the underlying operating system.
Note that Nessus did not actually test for these flaws but instead, has relied on the version in CouchDB's banner.
SolutionUpgrade to CouchDB 2.2.0 or later.