← Voltar para CVEs
CVE-2022-24706
CRITICALCISA KEV9.8
Descricao
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/26/2022
Ultima modificacao10/28/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorApache
ProdutoCouchDB
Nome da vulnerabilidadeApache CouchDB Insecure Default Initialization of Resource Vulnerability
Data inclusao KEV2022-08-25
Prazo de remediacao2022-09-15
Uso em ransomwareUnknown
Produtos afetados
apache:couchdb
Fraquezas (CWE)
CWE-1188CWE-1188
Referencias
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/04/26/1(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/1(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/2(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/3(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/05/09/4(security@apache.org)
https://docs.couchdb.org/en/3.2.2/setup/cluster.html(security@apache.org)
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00(security@apache.org)
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd(security@apache.org)
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/04/26/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/3(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/05/09/4(af854a3a-2127-422b-91ae-364da2661108)
https://docs.couchdb.org/en/3.2.2/setup/cluster.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00(af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24706(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.