CVE-2022-24706

• BIT-couchdb-2022-24706

• 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Apache CouchDB"
                },
                {
                    "last_affected": "3.2.1"
                }
            ]
        }
    ],
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-1188"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24706.json"
}

• http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
• https://docs.couchdb.org/en/3.2.2/setup/cluster.html
• https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
• https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24706
• https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24706.json
• https://nvd.nist.gov/vuln/detail/CVE-2022-24706
• http://www.openwall.com/lists/oss-security/2022/04/26/1
• http://www.openwall.com/lists/oss-security/2022/05/09/1
• http://www.openwall.com/lists/oss-security/2022/05/09/2
• http://www.openwall.com/lists/oss-security/2022/05/09/3
• http://www.openwall.com/lists/oss-security/2022/05/09/4