CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*

History

28 Jun 2024, 14:06

Type Values Removed Values Added
References () https://docs.couchdb.org/en/3.2.2/setup/cluster.html - Product () https://docs.couchdb.org/en/3.2.2/setup/cluster.html - Broken Link, Product
References () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd - () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd - Exploit, Third Party Advisory

07 Nov 2023, 03:44

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd', 'name': 'https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd -

Information

Published : 2022-04-26 10:15

Updated : 2024-06-28 14:06


NVD link : CVE-2022-24706

Mitre link : CVE-2022-24706

CVE.ORG link : CVE-2022-24706


JSON object : View

Products Affected

apache

  • couchdb
CWE
CWE-1188

Insecure Default Initialization of Resource