CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
References
Link Resource
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2022/04/26/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/2 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/3 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/4 Mailing List Patch Third Party Advisory
https://docs.couchdb.org/en/3.2.2/setup/cluster.html Broken Link Product
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 Mailing List Vendor Advisory
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd Exploit Third Party Advisory
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2022/04/26/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/2 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/3 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/09/4 Mailing List Patch Third Party Advisory
https://docs.couchdb.org/en/3.2.2/setup/cluster.html Broken Link Product
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 Mailing List Vendor Advisory
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:50

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://www.openwall.com/lists/oss-security/2022/04/26/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/04/26/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2022/05/09/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/05/09/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2022/05/09/2 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/05/09/2 - Mailing List, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2022/05/09/3 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/05/09/3 - Mailing List, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2022/05/09/4 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/05/09/4 - Mailing List, Patch, Third Party Advisory
References () https://docs.couchdb.org/en/3.2.2/setup/cluster.html - Broken Link, Product () https://docs.couchdb.org/en/3.2.2/setup/cluster.html - Broken Link, Product
References () https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 - Mailing List, Vendor Advisory () https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 - Mailing List, Vendor Advisory
References () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd - Exploit, Third Party Advisory () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd - Exploit, Third Party Advisory

28 Jun 2024, 14:06

Type Values Removed Values Added
References () https://docs.couchdb.org/en/3.2.2/setup/cluster.html - Product () https://docs.couchdb.org/en/3.2.2/setup/cluster.html - Broken Link, Product
References () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd - () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd - Exploit, Third Party Advisory

07 Nov 2023, 03:44

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd', 'name': 'https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd -

Information

Published : 2022-04-26 10:15

Updated : 2024-11-21 06:50


NVD link : CVE-2022-24706

Mitre link : CVE-2022-24706

CVE.ORG link : CVE-2022-24706


JSON object : View

Products Affected

apache

  • couchdb
CWE
CWE-1188

Insecure Default Initialization of Resource