First published: Tue Apr 26 2022(Updated: )
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache CouchDB | <3.2.2 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-24706 is a vulnerability in Apache CouchDB that allows an attacker to access an improperly secured default installation without authenticating and gain admin privileges.
CVE-2022-24706 has a severity rating of 9.8 (Critical).
CVE-2022-24706 can be exploited by an attacker to gain admin privileges in an improperly secured default installation of Apache CouchDB, without the need for authentication.
The affected software versions of CVE-2022-24706 are Apache CouchDB up to version 3.2.2.
To mitigate CVE-2022-24706, it is recommended to properly secure your Apache CouchDB installation by following the CouchDB documentation's recommendations, such as using a firewall.