Mageia: 2022-0466 Critical Advisory: CouchDB Admin Access Risk
mageia
December 17, 2022
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges
Summary
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly
secured default installation without authenticating and gain admin
privileges. The CouchDB documentation has always made recommendations for
properly securing an installation, including recommending using a firewall
in front of all CouchDB installations. (CVE-2022-24706)
References
- https://bugs.mageia.org/show_bug.cgi?id=30342
- https://www.openwall.com/lists/oss-security/2022/04/26/1
- https://www.cve.org/CVERecord?id=CVE-2022-24706
Topics Covered
Resolution
SRPMS
- 8/core/couchdb-3.2.2-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 17 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0466.html
Type: security
CVE: CVE-2022-24706
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!