Vulnerability — CVE-2022-24706

CVE-2022-24706

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-24706
Description:: In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Last updated date:: 11/21/2022

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/20/2022
Reference url to background: https://github.com/sadshade/CVE-2022-24706-CouchDB-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/06/2022
Reference url to background: https://github.com/trhacknon/CVE-2022-24706-CouchDB-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/27/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_couchdb_erlang_rce.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/21/2022
Reference url to background: http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html