Unauthenticated Access and Privilege Escalation in Apache CouchDB

Unauthenticated Access and Privilege Escalation in Apache CouchDB

CVE-2022-24706 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Learn more about our Cis Benchmark Audit For Apache Http Server.