CVE-2022-24706

Published: 26/04/2022 Updated: 13/07/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In Apache CouchDB before 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Vulnerable Product

apache couchdb

Vendor Advisories

An attacker can access an improperly secured default installation without authenticating and gain admin privileges. CouchDB 3.2.2 and onwards will refuse to start with the former default Erlang cookie value of 'monster'. Installations that upgrade to this version are forced to choose a different value. In addition, all binary packages have been u ...

Mailing Lists

Apache CouchDB version 3.2.1 suffers from a remote code execution vulnerability ...

Github Repositories

Apache CouchDB 3.2.1 - Remote Code Execution (RCE) CVE-2022-24706. Date: 2022-01-21. Exploit Author: Konstantin Burov, @_sadshade. Software Link: couchdb.apache.org/. Version: 3.2.1 and below. Tested on: Kali 2021.2. Based on 1F98D's Erlang Cookie - Remote Code Execution. Shodan: port:4369 "name couchdb at". CVE: CVE-2022-24706. References: habr.com/ru/pos

CVE-2022-24706 CVE-2022-24706 POC exploit

Apache-CouchDB-CVE-2022-24706-RCE-Exploits-Blog-post- I wrote a blog post about Apache CouchDB CVE-2022-24706 RCE Exploits

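Awesome-POC [Disclaimer] The techniques, ideas and tools covered in this repository are for learning purposes only; no one may use them for illegal purposes or for profit, and anyone who does bears the consequences themselves. Contents [AspCMS commentListasp SQL injection vulnerability](CMS漏洞/AspCMS%20commentListasp SQL注入漏洞md) [BSPHP indexphp unauthorized access information disclosure vulnerability](CMS漏洞/BSPHP%20indexphp 未授权访问 信息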