17 matches found
Mageia: Security Advisory (MGASA-2022-0466)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated couchdb packages fix security vulnerability
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
Apache CouchDB < 3.2.2 Privilege Escalation Vulnerability - Active Check
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
Metasploit Weekly Wrap-Up
C is for cookie And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands. This fake computer I just made says...
Apache CouchDB Erlang Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...
Apache CouchDB Erlang Remote Code Execution Exploit
In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...
Exploit for Insecure Default Initialization of Resource in Apache Couchdb
Apache CouchDB 3.2.1 - Remote Code Execution (RCE) CVE-2022-24...
Apache CouchDB < 3.2.2 Remote Privilege Escalation
According to its banner, the version of CouchDB running on the remote host is prior to 3.2.2. It is, therefore, potentially affected by a remote privilege escalation vulnerability. An attacker can access an improperly secured default installation without authenticating and gain admin privileges...
Apache CouchDB 3.2.1 - Remote Code Execution Exploit
Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution (RCE) Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name couchdb at" CVE:...
Apache CouchDB 3.2.1 Remote Code Execution
Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution (RCE) Date: 2022-01-21 Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name...
Apache CouchDB < 3.2.2 Privilege Escalation Vulnerability - Linux - Version Check
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
CVE-2022-24706
creationtimestamp | type | source
---|---|---
2022-04-26 14:36:58+00:00 | seen | https://t.me/cibsecurity/41424
2022-04-28 17:51:45+00:00 | published-proof-of-concept | https://t.me/cKure/9439
2022-04-29 17:20:21+00:00 | published-proof-of-concept | https://t.me/ShlezySecChannel/39
2022-05-22...
CVE-2022-24706
CVE-2022-24706 affects Apache CouchDB before 3.2.2, where an attacker can access an improperly secured default installation without authentication and gain admin privileges due to an access-control flaw. Affected versions include 3.2.1 and earlier; remediation is to upgrade to CouchDB 3.2.2 (or a...
CVE-2022-24706 Remote Code Execution Vulnerability in Packaging
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
CVE-2022-24706 Remote Code Execution Vulnerability in Packaging
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
VulnCheck KEV: CVE-2022-24706
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges...