vulnerability
Apache CouchDB: CVE-2022-24706: Initialization of a Resource with an Insecure Default
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 26, 2022 | May 1, 2025 | May 2, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Apr 26, 2022
Added
May 1, 2025
Modified
May 2, 2025
Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Solution
apache-couchdb-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.