EDB-50914
remotelinux
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706
Konstantin Burov5/11/2022
CVE-2022-24706
9.8CRITICALIn Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommen
Publicado: 4/26/2022Actualizado: 10/28/2025
Vulnerabilidad Explotada Conocida (CISA)
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
Acción Requerida:
Apply updates per vendor instructions.
Fecha Límite:
2022-09-15
Descripción
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Análisis IAImpulsado por IA
Productos Afectados
apachecouchdb
Exploits Disponibles (1)
Referencias
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory