CVE-2022-24706

high-risk
Published 2022-04-26

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Do I need to act?

!
94.4% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
50914
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Apache

References (21)

Exploit http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Exe...
Exploit http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Ex...
Mailing List http://www.openwall.com/lists/oss-security/2022/04/26/1
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/1
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/2
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/3
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/4
Broken Link https://docs.couchdb.org/en/3.2.2/setup/cluster.html
Mailing List https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
Exploit https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settin...
Exploit http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Exe...
Exploit http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Ex...
Mailing List http://www.openwall.com/lists/oss-security/2022/04/26/1
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/1
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/2
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/3
Mailing List http://www.openwall.com/lists/oss-security/2022/05/09/4
Broken Link https://docs.couchdb.org/en/3.2.2/setup/cluster.html
Mailing List https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
Exploit https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settin...
and 1 more references
64
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal