Lucene search

K

AttackerKBAKB:9E221A2D-F1F7-4A96-BB73-BC5520AB3B03

HistoryApr 26, 2022 - 12:00 a.m.

CVE-2022-24706

2022-04-2600:00:00

attackerkb.com

16

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html

packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html

www.openwall.com/lists/oss-security/2022/04/26/1

www.openwall.com/lists/oss-security/2022/05/09/1

www.openwall.com/lists/oss-security/2022/05/09/2

www.openwall.com/lists/oss-security/2022/05/09/3

www.openwall.com/lists/oss-security/2022/05/09/4

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24706

docs.couchdb.org/en/3.2.2/setup/cluster.html

lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00

medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

Related for AKB:9E221A2D-F1F7-4A96-BB73-BC5520AB3B03

cve1 mageia1 zdt2 openvas4 githubexploit3 osv2 checkpoint_advisories1 nessus1 metasploit1 ubuntucve1 packetstorm2 prion1 cnvd1 cisa_kev1 exploitdb1 rapid7blog1 thn1 ibm1