CVE-2022-24706

CVE Database · CVE-2022-24706

CVE-2022-24706

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

92.33%

Published

Apr 26, 2022

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2022-08-25 · Due: 2022-09-15

Apply updates per vendor instructions.

Public PoC / Exploit (6)

All weaponized →

Exploit-DBApache CouchDB 3.2.1 - Remote Code Execution (RCE)TrickestTrickest PoC index GitHub PoCsadshade/CVE-2022-24706-CouchDB-Exploit★29 GitHub PoCahmetsabrimert/Apache-CouchDB-CVE-2022-24706-RCE-Exploits-Blog-post-★1 GitHub PoCsuperzerosec/CVE-2022-24706★0 GitHub PoCbecrevex/CVE-2022-24706★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-1188CWE-1188

Affected Products (1)

apache · couchdb (up to 3.2.2)vulnerable

References (20)

http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2022/04/26/1

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/05/09/1

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/05/09/2

KEV Catalog EPSS Scores Vendors All CVEs