CVE-2022-24706
CRITICAL9.8⚠ KEVEPSS 94.4%Remote Code Execution Vulnerability in Packaging
發布日:2024/3/6修改日:2025/10/22加入 CISA KEV 日:2022/8/25
描述
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
受影響套件(1)
- Bitnami/couchdbfrom 0, < 3.2.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(12)
- WEBhttp://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
- WEBhttp://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
- WEBhttps://docs.couchdb.org/en/3.2.2/setup/cluster.html
- WEBhttps://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
- WEBhttps://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-24706
- WEBhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24706
- WEBhttp://www.openwall.com/lists/oss-security/2022/04/26/1
- WEBhttp://www.openwall.com/lists/oss-security/2022/05/09/1
- WEBhttp://www.openwall.com/lists/oss-security/2022/05/09/2
- WEBhttp://www.openwall.com/lists/oss-security/2022/05/09/3
- WEBhttp://www.openwall.com/lists/oss-security/2022/05/09/4