EDB-50914
remotelinux
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706
Konstantin Burov5/11/2022
CVE-2022-24706
9.8CRITICALIn Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommen
게시됨: 4/26/2022업데이트됨: 10/28/2025
CISA 알려진 악용 취약점
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
필요한 조치:
Apply updates per vendor instructions.
마감일:
2022-09-15
설명
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
AI 분석AI 기반
영향받는 제품
apachecouchdb
사용 가능한 익스플로잇 (1)
참조
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory