Unrated severity · CISA KEV · NVD Advisory · Published Apr 26, 2022 · Updated Oct 21, 2025
Remote Code Execution Vulnerability in Packaging
CVE-2022-24706
Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Affected products (3)
- Apache Software Foundation/Apache CouchDB · v5 · Range: Apache CouchDB
References (10)
- www.openwall.com/lists/oss-security/2022/04/26/1 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/1 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/2 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/3 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2022/05/09/4 (mitre, mailing-list)
- packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html (mitre)
- packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html (mitre)
- docs.couchdb.org/en/3.2.2/setup/cluster.html (mitre)
- lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 (mitre)
- medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd (mitre)