CVE-2022-24706
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache CouchDB | Apache CouchDB <= 3.2.1 | affected |
Weaknesses
- CWE-1188: CWE-1188 Insecure Default Initialization of Resource
Workarounds
CouchDB 3.2.2 and onwards will refuse to start with the former default
Erlang cookie value of monster. Installations that upgrade to this
versions are forced to choose a different value.
In addition, all binary packages have been updated to bind epmd as
well as the CouchDB distribution port to 127.0.0.1 and/or ::1
respectively.
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
- https://docs.couchdb.org/en/3.2.2/setup/cluster.html
- http://www.openwall.com/lists/oss-security/2022/04/26/1
- http://www.openwall.com/lists/oss-security/2022/05/09/1
- http://www.openwall.com/lists/oss-security/2022/05/09/3
- http://www.openwall.com/lists/oss-security/2022/05/09/4
- http://www.openwall.com/lists/oss-security/2022/05/09/2
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
- https://docs.couchdb.org/en/3.2.2/setup/cluster.html
- http://www.openwall.com/lists/oss-security/2022/04/26/1
- http://www.openwall.com/lists/oss-security/2022/05/09/1
- http://www.openwall.com/lists/oss-security/2022/05/09/3
- http://www.openwall.com/lists/oss-security/2022/05/09/4
- http://www.openwall.com/lists/oss-security/2022/05/09/2
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.