Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Apache Software Foundation / Apache CouchDBApache CouchDB – 3.2.1
Exploits & PoCs
- nucleiCouchDB Erlang Distribution - Remote Command Executionby Mzack9999,pussycat0x
References
- MAILING_LISThttps://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
- MISChttps://docs.couchdb.org/en/3.2.2/setup/cluster.html
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/04/26/1
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/05/09/1
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/05/09/3
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/05/09/4
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/05/09/2
- EXPLOIThttp://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
- MISChttps://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
- EXPLOIThttp://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html