Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Published

2022-04-26T10:15:35.083

Last Modified

2025-03-06T20:06:08.803

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-1188
Type: Primary
CWE-1188

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	couchdb	< 3.2.2	Yes

References

http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.openwall.com/lists/oss-security/2022/04/26/1 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/05/09/1 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/05/09/2 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/05/09/3 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/05/09/4 Mailing List, Patch, Third Party Advisory ([email protected])
https://docs.couchdb.org/en/3.2.2/setup/cluster.html Broken Link, Product ([email protected])
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 Mailing List, Vendor Advisory ([email protected])
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd Exploit, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/04/26/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/3 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/4 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://docs.couchdb.org/en/3.2.2/setup/cluster.html Broken Link, Product (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)