BIT-couchdb-2022-24706
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/couchdb/BIT-couchdb-2022-24706.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-couchdb-2022-24706
- Aliases
- Published
- 2024-03-06T10:51:24.067Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
- Database specific
{ "cpes": [ "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*" ], "severity": "Critical" }- References
-
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2022/04/26/1
- http://www.openwall.com/lists/oss-security/2022/05/09/1
- http://www.openwall.com/lists/oss-security/2022/05/09/2
- http://www.openwall.com/lists/oss-security/2022/05/09/3
- http://www.openwall.com/lists/oss-security/2022/05/09/4
- https://docs.couchdb.org/en/3.2.2/setup/cluster.html
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
Affected packages
Bitnami / couchdb
Package
- Name
- couchdb
- Purl
- pkg:bitnami/couchdb
Severity
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator