Vulnerability Name: | CVE-2022-24706 (CCN-225177)
Assigned: | 2022-04-26
Published: | 2022-04-26
Updated: | 2022-11-21
Summary: | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
9.1 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: | CWE-1188
Vulnerability Consequences: | Gain Privileges
References: |
Source: MITRE Type: CNA CVE-2022-24706
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20220426 CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging
Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20220509 Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging
Source: CCN Type: Apache Web site Apache CouchDB
Source: MISC Type: Product https://docs.couchdb.org/en/3.2.2/setup/cluster.html
Source: XF Type: UNKNOWN apache-cve202224706-priv-esc(225177)
Source: MISC Type: Mailing List, Vendor Advisory https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
Source: MISC Type: Exploit, Third Party Advisory https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
Source: CCN Type: Packet Storm Security [05-11-2022] Apache CouchDB 3.2.1 Remote Code Execution
Source: CCN Type: Packet Storm Security [11-02-2022] Apache CouchDB Erlang Remote Code Execution
Source: CCN Type: oss-sec Mailing List, Tue, 26 Apr 2022 08:44:41 +0000 CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [05-11-2022]
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable