CVE-2022-24706

Sažetak

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Reference

http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2022/04/26/1
http://www.openwall.com/lists/oss-security/2022/05/09/1
http://www.openwall.com/lists/oss-security/2022/05/09/2
http://www.openwall.com/lists/oss-security/2022/05/09/3
http://www.openwall.com/lists/oss-security/2022/05/09/4
https://docs.couchdb.org/en/3.2.2/setup/cluster.html
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2022/04/26/1
http://www.openwall.com/lists/oss-security/2022/05/09/1
http://www.openwall.com/lists/oss-security/2022/05/09/2
http://www.openwall.com/lists/oss-security/2022/05/09/3
http://www.openwall.com/lists/oss-security/2022/05/09/4
https://docs.couchdb.org/en/3.2.2/setup/cluster.html
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

06-03-2025 - 19:48

Objavljeno

26-04-2022 - 10:15