Related Vulnerabilities: CVE-2022-24706  

Severity: Critical

Remote: Yes

Type: Privilege escalation

Description

An attacker can access an improperly secured default installation without authenticating and gain admin privileges.

CouchDB 3.2.2 and onwards will refuse to start with the former default Erlang cookie value of 'monster'. Installations that upgrade to this version are forced to choose a different value.
In addition, all binary packages have been updated to bind epmd as well as the CouchDB distribution port to 127.0.0.1 and/or ::1 respectively.
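
A local audit for the two conditions described above, as an added example that is not part of the advisory or of CouchDB itself: it flags a `vm.args` that still sets the cookie to 'monster' and lists listeners on a given port that are not bound to loopback. It assumes iproute2's `ss` and epmd's standard port 4369; the `vm.args` path and the distribution port depend on the deployment and are passed as arguments.

```shell
#!/bin/sh
# Added example: audit helpers for the conditions named in CVE-2022-24706.

# cookie_is_default FILE
# Exit status 0 if FILE (an Erlang vm.args) sets the cookie to 'monster'.
cookie_is_default() {
    # Skip comment lines, drop quoting, then match the -setcookie flag.
    grep -v '^[[:space:]]*#' "$1" | tr -d "'\"" |
        grep -Eq '^[[:space:]]*-setcookie[[:space:]]+monster[[:space:]]*$'
}

# exposed_listeners PORT
# Reads `ss -Hltn` output on stdin and prints every local address that
# listens on PORT and is not a loopback address (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4                         # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # different port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# Stand-alone use: sh audit.sh /path/to/vm.args [distribution-port]
# The path and the distribution port are assumptions supplied by the operator.
if [ -n "${1:-}" ]; then
    cookie_is_default "$1" && echo "FAIL: default cookie 'monster' set in $1"
    for p in 4369 ${2:-}; do
        ss -Hltn | exposed_listeners "$p" | sed "s/^/EXPOSED: /"
    done
fi
```
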

Group: AVG-2708 | Package: couchdb | Affected: 3.2.1-1 | Fixed: 3.2.2-2 | Severity: Critical | Status: Not affected

https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00