EDB-50914
remotelinux
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706
Konstantin Burov5/11/2022
CVE-2022-24706
9.8CRITICALIn Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommen
Veröffentlicht: 4/26/2022Aktualisiert: 10/28/2025
CISA Bekannte Ausgenutzte Schwachstelle
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
Erforderliche Maßnahme:
Apply updates per vendor instructions.
Fälligkeitsdatum:
2022-09-15
Beschreibung
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
KI-AnalyseKI-gestützt
Betroffene Produkte
apachecouchdb
Verfügbare Exploits (1)
Referenzen
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory