PT-2022-2582 · Apache · Apache Couchdb

Alex Vandiver · Published 2022-04-26 · Updated 2025-08-15 · CVE-2022-24706

CVSS v2.0 · 10 · Critical

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache CouchDB versions prior to 3.2.2

Description

The issue concerns an improperly secured default installation of Apache CouchDB, allowing an attacker to access the system without authentication and gain admin privileges. The CouchDB documentation recommends properly securing an installation, including using a firewall in front of all CouchDB installations. It is estimated that a significant number of installations may be vulnerable, with reports suggesting around 80,000 results from a ZoomEye query and over 1,500 results from a Shodan search.

Recommendations

For Apache CouchDB versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider using a firewall in front of the CouchDB installation to restrict access and minimize the risk of exploitation. Additionally, follow the recommendations in the CouchDB documentation for properly securing an installation.

Related Identifiers

APACHECOUCHDB_CVE2022_24706
BDU:2022-03030
BIT-COUCHDB-2022-24706
CVE-2022-24706
MGASA-2022-0466

Affected Products

Apache Couchdb