MGASA-2022-0466 - Updated couchdb packages fix security vulnerability

Publication date: 17 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0466.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly
secured default installation without authenticating and gain admin
privileges. The CouchDB documentation has always made recommendations for
properly securing an installation, including recommending using a firewall
in front of all CouchDB installations. (CVE-2022-24706)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30342
- https://www.openwall.com/lists/oss-security/2022/04/26/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24706

SRPMS:
- 8/core/couchdb-3.2.2-1.mga8
