Unrated severity · CISA KEV · NVD Advisory · Published Apr 26, 2022 · Updated Oct 21, 2025
Remote Code Execution Vulnerability in Packaging
CVE-2022-24706
Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Affected products
- Apache Software Foundation/Apache CouchDB · v5 · Range: Apache CouchDB
Patches
No patches discovered yet.
References
- www.openwall.com/lists/oss-security/2022/04/26/1 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/1 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/2 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/3 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/4 (mitre, mailing-list)
- packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html (mitre)
- packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html (mitre)
- docs.couchdb.org/en/3.2.2/setup/cluster.html (mitre)
- lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 (mitre)
- medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd (mitre)