10

CVE-2022-24706

Warnung
Exploit

Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCouchdb Version < 3.2.2

25.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Schwachstelle

Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 92.34% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
Third Party Advisory
Exploit
VDB Entry
http://www.openwall.com/lists/oss-security/2022/04/26/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/09/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/09/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/09/3
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/09/4
Patch
Third Party Advisory
Mailing List
https://docs.couchdb.org/en/3.2.2/setup/cluster.html
Broken Link
Product
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
Vendor Advisory
Mailing List
https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
Third Party Advisory
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24706
US Government Resource