Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-24706— Remote Code Execution Vulnerability in Packaging

KEV EPSS 94.37% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-24706

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Remote Code Execution Vulnerability in Packaging
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的默认资源初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache CouchDB 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache CouchDB是美国阿帕奇(Apache)基金会的使用Erlang开发的一套面向文档的数据库系统。 Apache CouchDB 3.2.2 之前存在访问控制错误漏洞,该漏洞源于攻击者可以在不进行身份验证的情况下访问不正确的默认安装并获得管理员权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache CouchDB Apache CouchDB ~ 3.2.1 -

II. Public POCs for CVE-2022-24706

#POC DescriptionSource LinkShenlong Link
1Apache CouchDB 3.2.1 - Remote Code Execution (RCE)https://github.com/sadshade/CVE-2022-24706-CouchDB-ExploitPOC Details
2I wrote a blog post about Apache CouchDB CVE-2022-24706 RCE Exploitshttps://github.com/ahmetsabrimert/Apache-CouchDB-CVE-2022-24706-RCE-Exploits-Blog-post-POC Details
3CVE-2022-24706 POC exploithttps://github.com/superzerosec/CVE-2022-24706POC Details
4Apache CouchDB 3.2.1 - Remote Code Execution (RCE) Checkerhttps://github.com/becrevex/CVE-2022-24706POC Details
5In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2022/CVE-2022-24706.yamlPOC Details
6Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/Apache%20CouchDB%20epmd%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-24706.mdPOC Details
7Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/Apache%20CouchDB%20%E5%88%86%E5%B8%83%E5%BC%8F%E5%8D%8F%E8%AE%AE%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%20CVE-2022-24706.mdPOC Details
8https://github.com/vulhub/vulhub/blob/master/couchdb/CVE-2022-24706/README.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-24706

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Apache CouchDB
Same vendor: Apache Software Foundation
Same weakness: CWE-1188

V. Comments for CVE-2022-24706

No comments yet

Leave a comment