← Volver a CVEs
CVE-2022-24706
CRITICALCISA KEV9.8
Descripcion
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/26/2022
Ultima modificacion10/28/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorApache
ProductoCouchDB
Nombre vulnerabilidadApache CouchDB Insecure Default Initialization of Resource Vulnerability
Fecha inclusion KEV2022-08-25
Fecha limite remediacion2022-09-15
Uso en ransomwareUnknown
Productos afectados
apache:couchdb
Debilidades (CWE)
CWE-1188CWE-1188
Referencias
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/04/26/1(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/1(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/2(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/3(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/4(security@apache.org)
https://docs.couchdb.org/en/3.2.2/setup/cluster.html(security@apache.org)
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00(security@apache.org)
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd(security@apache.org)
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/04/26/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/3(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/4(af854a3a-2127-422b-91ae-364da2661108)
https://docs.couchdb.org/en/3.2.2/setup/cluster.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00(af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24706(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.