
CVE-2022-24706
- Reference to the description:
- Description:
- In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
- Last updated date:
- 11/21/2022
Reports

ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 08/25/2022
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/20/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/06/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/30/2022
- Reference url to background
http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/30/2022
- Reference url to background
https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/27/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/21/2022
- Reference url to background
http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html