PRP: Unauthenticated Remote Code Execution in Apache CouchDB CVE-2022-24706 #517
Labels
Contributor queue
When a contributor already has one issue/PR in review, we put the following ones on hold with this.
Hi,
I want to implement a detection plugin for CVE-2022-24706.
Software Detail: Apache CouchDB™ lets you access your data where you need it. The Couch Replication Protocol is implemented in a variety of projects and products that span every imaginable computing environment from globally distributed server-clusters, over mobile phones to web browsers.
Vulnerability Detail: In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Ref: https://medium.com/@ahmetsabrimert/apache-couchdb-cve-2022-24706-rce-exploits-548fe52f8c02
Ref: https://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html