In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including placing a firewall in front of all CouchDB installations.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2022/04/26/1 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/05/09/1 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/05/09/2 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/05/09/3 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/05/09/4 | Mailing List Patch Third Party Advisory |
https://docs.couchdb.org/en/3.2.2/setup/cluster.html | Product |
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 | Mailing List Vendor Advisory |
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd |
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-04-26T00:00:00
Updated: 2022-11-02T00:00:00
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24706
NVD Information
Status: Modified
Published: 2022-04-26T10:15:35.083
Modified: 2023-11-07T03:44:33.733
Link: CVE-2022-24706